RE: assigning a vlan-id after successful authentication
First, this information is well documentedÂ… both by ProCurve and in RFC3580. That said the AV pairs you're looking for are as follows: Tunnel-Medium-Type = 802 Tunnel-Private-Group-ID = 123 (the VLAN) Tunnel-Type = VLAN Jeff Original Message Subject: assigning a vlan-id after successful authenticationFrom: Sven Juergensen [EMAIL PROTECTED]Date: Fri, November 11, 2005 8:48 pmTo: freeradius-users@lists.freeradius.orghello people,how does the above mentioned work? i amnot quite sure where to start. is itembedded in the 'Reply-Message' or doesit have to do with the tunnel-types?i'm trying to supply a vlan-id to anhp2626 with mac-based authentication.couldn't find this in the faq orrelevant conf-files either - what ami missing?thanks alot in advance,sven- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: assigning a vlan-id after successful authentication
Sure but that aint working.. at least not on my switches and dont ask me why... I usually have 2-3 computers on one port ( but computers have the same VLANID in RADIUS ), so might that be the problem? Regards, Edvin Seferovic From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Reilly Sent: Sonntag, 13. November 2005 21:58 To: FreeRadius users mailing list Subject: RE: assigning a vlan-id after successful authentication First, this information is well documented both by ProCurve and in RFC3580. That said the AV pairs you're looking for are as follows: Tunnel-Medium-Type = 802 Tunnel-Private-Group-ID = 123 (the VLAN) Tunnel-Type = VLAN Jeff Original Message Subject: assigning a vlan-id after successful authentication From: Sven Juergensen [EMAIL PROTECTED] Date: Fri, November 11, 2005 8:48 pm To: freeradius-users@lists.freeradius.org hello people, how does the above mentioned work? i am not quite sure where to start. is it embedded in the 'Reply-Message' or does it have to do with the tunnel-types? i'm trying to supply a vlan-id to an hp2626 with mac-based authentication. couldn't find this in the faq or relevant conf-files either - what am i missing? thanks alot in advance, sven - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: assigning a vlan-id after successful authentication
The 2626 supports1 VLAN per port.I'm not sureexactly howthe2626deals with multiple supplicants... but I would bet (based on passed experience on other switches)... the 2626 ignores all 802.1x (EAP Starts) from any subsequent endpoints afterthe first successful authentication (untilthe portsees link-down or an EAP logoff form the original supplicant). Whatever provisioning (VLANs in your case) is based on the first endpoints authentication/authorization… all other endpoints will share the same level of access as the first (authenticated supplicant). Jeff Original Message Subject: RE: assigning a vlan-id after successful authenticationFrom: "Seferovic Edvin" [EMAIL PROTECTED]Date: Sun, November 13, 2005 2:35 pmTo: "'FreeRadius users mailing list'"freeradius-users@lists.freeradius.org Sure – but that ain't working.. at least not on my switches and don't ask me why... I usually have 2-3 computers on one port ( but computers have the same VLANID in RADIUS ), so might that be the problem? Regards, Edvin Seferovic From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff ReillySent: Sonntag, 13. November 2005 21:58To: FreeRadius users mailing listSubject: RE: assigning a vlan-id after successful authentication First, this information is well documented both by ProCurve and in RFC3580. That said the AV pairs you're looking for are as follows: Tunnel-Medium-Type = 802 Tunnel-Private-Group-ID = 123 (the VLAN) Tunnel-Type = VLAN Jeff Original Message Subject: assigning a vlan-id after successful authenticationFrom: Sven Juergensen [EMAIL PROTECTED]Date: Fri, November 11, 2005 8:48 pmTo: freeradius-users@lists.freeradius.orghello people,how does the above mentioned work? i amnot quite sure where to start. is itembedded in the 'Reply-Message' or doesit have to do with the tunnel-types?i'm trying to supply a vlan-id to anhp2626 with mac-based authentication.couldn't find this in the faq orrelevant conf-files either - what ami missing?thanks alot in advance,sven- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: assigning a vlan-id after successful authentication
I am aware of the fact that 1 VLAN per port is possible. Besides I am using mac-based authentication, so Ive tried what happens when I connect only one computer per switch port, but as I already have written, the Radius-Reply is kind of ignored L. Has anyone have such problems or its just me? L Jeff, do you maybe know how VLAN assignment is being done with mac-based auth? Would it on link-down set the port VLAN to the manually set for unauthorised clients? TIA ! Regards, Edvin Seferovic From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Reilly Sent: Montag, 14. November 2005 04:11 To: [EMAIL PROTECTED]; FreeRadius users mailing list Subject: RE: assigning a vlan-id after successful authentication The 2626 supports1 VLAN per port.I'm not sureexactly howthe2626deals with multiple supplicants... but I would bet (based on passed experience on other switches)... the 2626 ignores all 802.1x (EAP Starts) from any subsequent endpoints afterthe first successful authentication (untilthe portsees link-down or an EAP logoff form the original supplicant). Whatever provisioning (VLANs in your case) is based on the first endpoints authentication/authorization all other endpoints will share the same level of access as the first (authenticated supplicant). Jeff Original Message Subject: RE: assigning a vlan-id after successful authentication From: Seferovic Edvin [EMAIL PROTECTED] Date: Sun, November 13, 2005 2:35 pm To: 'FreeRadius users mailing list' freeradius-users@lists.freeradius.org Sure but that ain't working.. at least not on my switches and don't ask me why... I usually have 2-3 computers on one port ( but computers have the same VLANID in RADIUS ), so might that be the problem? Regards, Edvin Seferovic From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Reilly Sent: Sonntag, 13. November 2005 21:58 To: FreeRadius users mailing list Subject: RE: assigning a vlan-id after successful authentication First, this information is well documented both by ProCurve and in RFC3580. That said the AV pairs you're looking for are as follows: Tunnel-Medium-Type = 802 Tunnel-Private-Group-ID = 123 (the VLAN) Tunnel-Type = VLAN Jeff Original Message Subject: assigning a vlan-id after successful authentication From: Sven Juergensen [EMAIL PROTECTED] Date: Fri, November 11, 2005 8:48 pm To: freeradius-users@lists.freeradius.org hello people, how does the above mentioned work? i am not quite sure where to start. is it embedded in the 'Reply-Message' or does it have to do with the tunnel-types? i'm trying to supply a vlan-id to an hp2626 with mac-based authentication. couldn't find this in the faq or relevant conf-files either - what am i missing? thanks alot in advance, sven - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: assigning a vlan-id after successful authentication
Hi, I have been trying to do that on HP 2626 ! But the attributes ( according to RFC 3500 - I think this one is the right one ) are not accepted by 2626 :( for some bloody reason the Tunnel-Type aren't accepted by the switch. In the manuals HP writes that Switch expects VID in the RADIUS reply message. Ive tried this one too - but no good :( I think maybe someone should ask HP how they expect this to work! Regards, Edvin Seferovic -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sven Juergensen Sent: Samstag, 12. November 2005 04:48 To: freeradius-users@lists.freeradius.org Subject: assigning a vlan-id after successful authentication hello people, how does the above mentioned work? i am not quite sure where to start. is it embedded in the 'Reply-Message' or does it have to do with the tunnel-types? i'm trying to supply a vlan-id to an hp2626 with mac-based authentication. couldn't find this in the faq or relevant conf-files either - what am i missing? thanks alot in advance, sven - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
