Thank you, I will try using the radius proxy to know what are exactly the attributes Ignition Server sends to WLAN controller.
On 03/26/2014 12:02 PM, Klara Mall wrote: > Hi, > > On 03/26/2014 06:40 PM, Roberto Pantoja wrote: >> I have a problem trying to assign dynamic VLANs to users on a >> WPA2-Enterprise configuration. Users have successful authentication and >> if I don't send the Radius Attribute "Tunnel-Private-Group-ID" The >> Wireless Controller connects me to the default VLan for the SSID, but >> when I send "Tunnel-Private-Group-ID", the Wireless Controller simply >> drops out my connection. The Wireless controller documentation says the >> required attributes in the Access-Accept Reply are "Tunnel-Type=VLAN, >> Tunnel-Medium-Type=802, Tunnel-Private-Group-ID=<Name of VLAN>". >> Everything works fine using Ignition Server (Avaya's Radius Server). But >> on product's documentation says WC8180 comply with RFC Standards and >> mentions to be "compatible and validated" with freeradius and Microsoft >> IAS, so I think my case is a configuration issue. > Are you sure that it's > Tunnel-Type=VLAN, Tunnel-Medium-Type=802, Tunnel-Private-Group-ID=<Name > of VLAN> > for your wireless controller? > > We have an HP ProCurve WLAN Controller and I have to send: > Tunnel-Type = 13, Tunnel-Medium-Type = 6, Tunnel-Private-Group-ID = > <vlan-id> > > It's the same for our LANCOM Access Points which are autonomous (no > controller). > > I found a document "Avaya WLAN 8100 Fundamentals" regarding AVAYA WC8180 > WLAN Controller. They say WC8180 is part of the WLAN 8100 solution. > http://198.152.212.23/css/P8/documents/100161076 (PDF file) > > On page 87 they talk about authorization attributes: > Tunnel-Private-Group-Id: Mobility VLAN Name > Tunnel-Medium-Type: The value is 6 (IEEE 802) > Tunnel-Type: The value is 13 (VLAN) > > So perhaps you have to send > > Tunnel-Type=13, Tunnel-Medium-Type=6, Tunnel-Private-Group-ID=<Name of VLAN> > > Apart from that: is it possible to proxy the request of the controller > through radiator to the Ignition Server i.e. to configure the radiator > server as a client on the Ignition Server? Then you'd see all attributes > that the Ignition Server is sending in the radiator debug log. > > Regards > Klara > -- --------------------------------------- Roberto Carlos Pantoja Valdizón Analista de Sistemas ATI/GDEI/LaGeo This message has been scanned for malware by Websense. www.websense.com _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator