On Mon, Oct 14, 2013 at 10:40:19AM +0100, Matthew Newton wrote:
> On Fri, Oct 11, 2013 at 05:41:07PM +0100, Fabrizio Vecchi wrote:
> > As you can see, the device wasn't listed in the file, the authentication
> > went fine, saying that the tunnel that I should get has ID 40, but that
> > wasn't over
On Fri, Oct 11, 2013 at 05:41:07PM +0100, Fabrizio Vecchi wrote:
> As you can see, the device wasn't listed in the file, the authentication
> went fine, saying that the tunnel that I should get has ID 40, but that
> wasn't overwritten by the authorized_macs check...
Add
DEFAULT Auth-Type := Rejec
Fabrizio Vecchi wrote:
> I guess at the end of the day my question boils down to the following:
> where should I put the MAC check, so that the user gets assigned to the
> right VLAN?
In post-auth.
> If I put it in the authorize part of sites-enabled/default, the VLAN
> update request will get
Hi Alan and thanks for the reply.
On 12 October 2013 13:42, Alan DeKok wrote:
> > So far, I managed to do the dynamic VLAN assignment, but cannot seem to
> > get it to work together with the MAC checking.
>
Get them working independently. Then, put the pieces together.
I managed to get the
Fabrizio Vecchi wrote:
> First of all, sorry if my email is very long, I am just trying not to
> leave any important details out. :)
That's good.
> So far, I managed to do the dynamic VLAN assignment, but cannot seem to
> get it to work together with the MAC checking.
The key thing to remem
On Fri, Jul 19, 2013 at 06:03:31PM +0200, Dario Palmisano wrote:
> RADIUS-assigned VLANs are not supported when you enable multiple BSSIDs."
>
> So it seems not to be related to the IOS version, is it?
>
> Is there any way to overcome this somehow, if not...
Do you actually need multiple bssids
I'm sure there was some late in the day ios updates for 1130 series AP this
stuff works with capwap/lwapp 1131 anyway, if MBSSID is not supported with
dynamic vlan assignment so don't use mbssid, use guest mode instead.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradiu
At the end, thanks to the list suggestions I found in the cisco docs the
sentence:
"Keep these guidelines in mind when configuring multiple BSSIDs:
RADIUS-assigned VLANs are not supported when you enable multiple BSSIDs."
So it seems not to be related to the IOS version, is it?
Is there any w
On Fri, Jul 19, 2013 at 04:20:51PM +0200, Dario Palmisano wrote:
> > is this a 'fat/autonomous' AP? if so, then only latest firmware can handle
> > multiple VLANS per 802.1X SSID with multiple BSSIDs present.
>
> This could be the problem, I found something in the Cisco documentation but
> was u
On Friday 19 July 2013 16:54:13 a.l.m.bu...@lboro.ac.uk wrote:
> Hi,
>
> > The specific configuration works fine I remove the following line from
> > users file:
> > Tunnel-Type := VLAN, Tunnel-Medium-Type := IEEE-802, Tunnel-Private-
> > Group-ID := 218
>
> Tunnel-Type = VLAN,
>
On Friday 19 July 2013 16:29:57 Arran Cudbard-Bell wrote:
> On 19 Jul 2013, at 15:10, Dario Palmisano wrote:
> > On Friday 19 July 2013 15:49:55 Arran Cudbard-Bell wrote:
> >> On 19 Jul 2013, at 14:37, Dario Palmisano wrote:
> >>> Hello Everybody,
> >>>
> >>> I am configuring my freeradius to be
Hi,
> Here you can download the (almost complete) debug log. Near the end I added a
> text to make evident when I disconnected.
>
> http://webshare.icgeb.org//data/public/ce2e2ee9fbd84c362fd49b10805b36c8.php?lang=en
please don't ask me to visit random web sites that require to to click on things
Hi,
> The specific configuration works fine I remove the following line from users
> file:
> Tunnel-Type := VLAN, Tunnel-Medium-Type := IEEE-802, Tunnel-Private-
> Group-ID := 218
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID =
On 19 Jul 2013, at 15:10, Dario Palmisano wrote:
> On Friday 19 July 2013 15:49:55 Arran Cudbard-Bell wrote:
>> On 19 Jul 2013, at 14:37, Dario Palmisano wrote:
>>> Hello Everybody,
>>>
>>> I am configuring my freeradius to be integrated in the EDUROAM
>>> federation. It works when the VLAN (a
You are right, I know!
On Friday 19 July 2013 15:52:43 a.l.m.bu...@lboro.ac.uk wrote:
> Hi,
>
> > I am configuring my freeradius to be integrated in the EDUROAM
> > federation. It works when the VLAN (as configured in the accesspoint) is
> > statically assigned.
>
> there are hundreds of sites us
On Friday 19 July 2013 15:49:55 Arran Cudbard-Bell wrote:
> On 19 Jul 2013, at 14:37, Dario Palmisano wrote:
> > Hello Everybody,
> >
> > I am configuring my freeradius to be integrated in the EDUROAM
> > federation. It works when the VLAN (as configured in the accesspoint) is
> > statically assig
Hi,
> I am configuring my freeradius to be integrated in the EDUROAM federation.
> It works when the VLAN (as configured in the accesspoint) is statically
> assigned.
there are hundreds of sites using this sort of configuration for eduroam - so
it's perfectly possible and fine (and standard!) so
On 19 Jul 2013, at 14:37, Dario Palmisano wrote:
> Hello Everybody,
>
> I am configuring my freeradius to be integrated in the EDUROAM federation.
> It works when the VLAN (as configured in the accesspoint) is statically
> assigned.
>
> Now I would like to implement a "dynamic vlan assignment
Hi guys
I had to also set the "*use_tunneled_reply=yes*" in the eap.conf to get
the Dynamic vlan assignment to work
On 12 July 2013 19:42, val john wrote:
> Hi guys ,
>
> Small question , do i need to import radius ldap schema ( items like
> radiusprofiles
> ) to our ldap server to get this
Hi guys ,
Small question , do i need to import radius ldap schema ( items like
radiusprofiles
) to our ldap server to get this VLAN assignment work
Thank You
john
On 12 July 2013 18:39, Arran Cudbard-Bell wrote:
>
> On 12 Jul 2013, at 13:57, val john wrote:
>
> > Hi guys ,
> >
> > i have a
On 12 Jul 2013, at 13:57, val john wrote:
> Hi guys ,
>
> i have a freeradius setup that works with ldap group authentication ,i also
> need to configure the dynamic VLAN assignment , so i configured the "users"
> file as follows ,
>
> DEFAULT Ldap-Group == "cn=staff,ou=groups,dc=ldap,dc=e
I believe I resolved this. I used eapol_test to get all wanted
result, and will try on real NAS later on.
The following is what I did. Basically I followed Alexander's example,
Modified peap section in eap.conf to use another virtual server "auth"
instead of inner-tunnel virtual server. I almost
schilling wrote:
>
> Thanks a lot.
>
> More questions.
>
> If you want to lower the load (and authentication latency) on your AD
> servers then you might want to look at the following too:
>
> http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg65781.html
>
First things first,
Thanks a lot.
More questions.
If you want to lower the load (and authentication latency) on your AD
servers then you might want to look at the following too:
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg65781.html
I am trying to follow your comment on this. I now realiz
schilling wrote:
>
> I am trying to play with your configuration, basically I have a
> virtual server call auth as your example, and modified my eap.conf for
> peap to use auth.
>
> what's the config:local.MY.realm? My debug showed
>
Phil pretty much covered it (and in a neater manner I was not
On 01/24/2011 08:35 PM, schilling wrote:
Hi Alexander,
I am trying to play with your configuration, basically I have a
virtual server call auth as your example, and modified my eap.conf for
peap to use auth.
what's the config:local.MY.realm? My debug showed
FreeRadius lets you write *any* con
Hi Alexander,
I am trying to play with your configuration, basically I have a
virtual server call auth as your example, and modified my eap.conf for
peap to use auth.
what's the config:local.MY.realm? My debug showed
[suffix] Looking up realm "foo.edu" for User-Name = "sd...@foo.edu"
[suffix]
I have the following questions for using perl though. Since I already
use LDAP or ntlm_auth for inner-tunnel mschapv0 authentication. Will
there any flag set so I can know whether LDAP or ntlm_auth is using
for mschapv0 authentication in perl script? Also if I need to check
ldap/AD for certain a
schilling wrote:
>
> Where should I put the perl script? I already have a perl module for
> another virtual server to use radscript.
>
> I also tried unlang in post-auth, like
> if ( %{User-Name} =~ /\@/ && fooEmployeeStatus =~ /active/i ) {
>update outer.reply {
>
Hi,
> Where should I put the perl script? I already have a perl module for
> another virtual server to use radscript.
>
> I also tried unlang in post-auth, like
> if ( %{User-Name} =~ /\@/ && fooEmployeeStatus =~ /active/i ) {
> update outer.reply {
>
Where should I put the perl script? I already have a perl module for
another virtual server to use radscript.
I also tried unlang in post-auth, like
if ( %{User-Name} =~ /\@/ && fooEmployeeStatus =~ /active/i ) {
update outer.reply {
Service-Type = "
schilling wrote:
>Basically, I want to achieve
> If (ldap authorization) {
> if (ldap.employeeStatus = facstaff) {
> REPLY{'Service-Type'}= "Framed-User";
> REPLY{'Tunnel-Type'} = "VLAN";
> REPLY{'Tunnel-Medium-Type'} = "IEEE-802";
>
Attou eric wrote:
>The access point just put user1 on VLAN 30. My NAS ignore the VLAN ID
> 60 (Tunnel-Private-Group-Id:0 = "60")
Then the NAS is broken.
> contained in the Access-Accept. I try with two different models of
> Access point (zcomax and cisco)
>
>My question: Is there a par
Бисер Миланов wrote:
> Hello!
> Some time ago Alan mentioned that the new 2.1.10 version will support such a
> thing. However, I can't seem to find it in the docs. Can anyone shed some
> light on how that can be done with the new functionality?
Read the "ChangeLog". There are new attributes
This may help you.
http://lists.freeradius.org/mailman/htdig/freeradius-users/2009-November/msg1.html
Using the Postauth_users restricting it via a ldap group should work.
On Tue, Apr 27, 2010 at 11:50 AM, Gary Gatten wrote:
> Hello all,
>
>
>
> I currently have FR v2.1.6 (Yes, I’ll upgra
Alan Buxey wrote:
>
>> > steve Cleartext-Password := "testing" Service-Type = Framed-User,
>> > Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802,
>> > Tunnel-Private-Group-ID = 2
>> >
>> I have no idea why people keep insisting on doing this, but make
>> 'Tunnel-Private-Group-ID' the VLAN *na
Hi,
> > steve Cleartext-Password := "testing" Service-Type = Framed-User,
> > Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802,
> > Tunnel-Private-Group-ID = 2
> >
> I have no idea why people keep insisting on doing this, but make
> 'Tunnel-Private-Group-ID' the VLAN *name*. You are only goi
Guillermo Borrallo wrote:
>
> I have a problem to change vlan on a Catalyst 2950 switch using the
> 802.1x protocol. The problem is that no changes to the vlan you
> specified. The authentication and validation of the user is correct,
> but does not change vlan.
>
You might want to consider re
> Thank you very much for your help! Now it works beautifully!
>
> My next step is to integrate FreeRadius with my Windows domain to use
> Windows AD for authentication. I am sure I will more questions for you
> guys!
http://deployingradius.com/documents/configuration/active_directory.html
Ivan K
:53 PM
To: FreeRadius users mailing list
Subject: Re: Dynamic VLAN assignment works on EAP-MD5, but not
EAP-PEAP!!!
> I have figured out how to configure attributes. Here is my "user"
file:
>
>
>
> test Cleartext-Password := "test"
>
> Tunnel-Type =
> I have figured out how to configure attributes. Here is my "user" file:
>
>
>
> test Cleartext-Password := "test"
>
> Tunnel-Type = 16777229,
>
> Tunnel-Medium-Type = 16777222,
>
> Tunnel-Private-Group-ID = 3
>
>
>
> When I use MD5-Challenge, I got put in the right vlan
Gary Gatten wrote:
> I'm assuming I can do roughly the same thing with NTLM_AUTH? I "have"
> to use NTLM_Auth for 8021x (right? - at least all docs say this),
No, they don't.
They say that you need to use ntlm_auth for authentication in
*certain* cases, when the user database is Active Direc
> Agreed. I didn't know if I could do some group checking with ntlm_auth,
> more accurately get a list of groups a user belongs to? If I used FQDN I
> could prolly parse out the info I need from the user name as well:
> gary.neteng.waddell Ill try LDAP - good learning experience!
>
No need. AD
> So, by looking at this more carefully I'll have to do a bunch of
> if/else's or cases? What if for instance I have 500 departments/groups
> - 500 different vlans? I'll have to test each one?
>
> I guess what I was hoping to do was something like:
>
> Get attribute "n" for user y (where n = a va
ginal Message -
From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org
To: freeradius-users@lists.freeradius.org
Sent: Mon Aug 24 15:48:40 2009
Subject: RE: Dynamic VLAN attribute in LDAP or AD?
> Interesting... I'm assuming I could use existing LDAP attribs and re
ntication tool that returns 0 or 1 depending on
the correctness of a password. This is an authorization question - what
kind of access will the authenticated user be given?
> -Original Message-
> From: Jason Alderfer [mailto:j...@emu.edu]
> Sent: Monday, August 24, 2009 2:10 PM
riginal Message-
From: Gary Gatten
Sent: Monday, August 24, 2009 10:34 AM
To: 'FreeRadius users mailing list'
Cc: 'Jason Alderfer'
Subject: RE: Dynamic VLAN attribute in LDAP or AD?
I'm assuming I can do roughly the same thing with NTLM_AUTH? I "have"
to us
lists.freeradius.org
[mailto:freeradius-users-bounces+ggatten=waddell@lists.freeradius.or
g] On Behalf Of Jason Alderfer
Sent: Tuesday, August 18, 2009 2:18 PM
To: FreeRadius users mailing list
Subject: Re: Dynamic VLAN attribute in LDAP or AD?
> So, I'm trying to use 802.1x dynamic V
Hi,
>
> > Where could I put this code Authorize, authenticate, postauth, ldap module?
>
> Authorize
postauth ?
alan
Gary Gatten wrote:
> Dude, if it's this easy that would be SWEET! The How To's for TLS/PEAP
> are a little outdated so I'm working on getting the CA working now
> (CA.all doesn't exist anymore.)
See my message to the list of an hour or two ago. In v2, you have to
do almost *nothing* to get PEA
> Where could I put this code Authorize, authenticate, postauth, ldap module?
Authorize
>>> So, I'm trying to use 802.1x dynamic VLAN assignment. I have this
>>> working when I conf the "users" file. However, I don't want to
>>> create/maintain the users file for 2,000 users!
>>>
>>> Is there
Where could I put this code Authorize, authenticate, postauth, ldap module?
2009/8/18 Jason Alderfer :
>
>> So, I'm trying to use 802.1x dynamic VLAN assignment. I have this
>> working when I conf the "users" file. However, I don't want to
>> create/maintain the users file for 2,000 users!
>>
>>
s-bounces+ggatten=waddell@lists.freeradius.org
[mailto:freeradius-users-bounces+ggatten=waddell@lists.freeradius.or
g] On Behalf Of Jason Alderfer
Sent: Tuesday, August 18, 2009 2:18 PM
To: FreeRadius users mailing list
Subject: Re: Dynamic VLAN attribute in LDAP or AD?
> So, I'm trying to u
> So, I'm trying to use 802.1x dynamic VLAN assignment. I have this
> working when I conf the "users" file. However, I don't want to
> create/maintain the users file for 2,000 users!
>
> Is there an attribute in AD / LDAP I can use for the dynamic VLAN?
> Ideally I could do this at the "Group" l
>>>I'm using version 1.1.3 so, I moved the "files" entry below the ldap
>>>entry but my DEFAULT entry in the file: users does not match or return
>>>any value.
>>>
>>
>> You should upgrade. Did something else match in files? Post the debug.
>
>Stuck with this version for now.
>
>I have a "catchall"
On Tue, Feb 17, 2009 at 11:44 AM, wrote:
>>I'm using version 1.1.3 so, I moved the "files" entry below the ldap
>>entry but my DEFAULT entry in the file: users does not match or return
>>any value.
>>
>
> You should upgrade. Did something else match in files? Post the debug.
Stuck with this vers
>I'm using version 1.1.3 so, I moved the "files" entry below the ldap
>entry but my DEFAULT entry in the file: users does not match or return
>any value.
>
You should upgrade. Did something else match in files? Post the debug.
Ivan Kalik
Kalik Informatika ISP
On Tue, Feb 17, 2009 at 11:04 AM, wrote:
Am I correct in saying that the LDAP-attribute that is mapped to
Tunnel-Private-Group-ID would need to be set to the value of the
VLAN I require? The LDAP-attribute that I wish to use currently
contains values like "ITISCP" and "ENISCP
>>>Am I correct in saying that the LDAP-attribute that is mapped to
>>>Tunnel-Private-Group-ID would need to be set to the value of the
>>>VLAN I require? The LDAP-attribute that I wish to use currently
>>>contains values like "ITISCP" and "ENISCP". I want to say if
>>>attribute value == ITI
On Tue, Feb 17, 2009 at 9:50 AM, wrote:
>>Am I correct in saying that the LDAP-attribute that is mapped to
>>Tunnel-Private-Group-ID would need to be set to the value of the
>>VLAN I require? The LDAP-attribute that I wish to use currently
>>contains values like "ITISCP" and "ENISCP". I wan
>Am I correct in saying that the LDAP-attribute that is mapped to
>Tunnel-Private-Group-ID would need to be set to the value of the
>VLAN I require? The LDAP-attribute that I wish to use currently
>contains values like "ITISCP" and "ENISCP". I want to say if
>attribute value == ITISCP set vl
>
>I have a value set for an attribute in LDAP, how do I "extract" the
>value from the attribute and do a comparison on it in the users file
>so I can set the VLAN?
>
ldap.attrmap file in raddb directory.
Ivan Kalik
Kalik Informatika ISP
On Friday, 13 February 2009 12:36:09, Paul Dealy wrote:
> On Fri, Feb 13, 2009 at 10:16 PM, Michael Schwartzkopff
>
> wrote:
> > On Friday, 13 February 2009 11:54:29, Paul Dealy wrote:
> >> On Fri, Feb 13, 2009 at 9:12 PM, Michael Schwartzkopff
> >>
> >> wrote:
> >> > On Friday, 13 February
On Friday, 13 February 2009 13:39:49, Paul Dealy wrote:
> On Fri, Feb 13, 2009 at 11:22 PM, Michael Schwartzkopff
>
> wrote:
> > On Friday, 13 February 2009 12:36:09, Paul Dealy wrote:
> >> On Fri, Feb 13, 2009 at 10:16 PM, Michael Schwartzkopff
> >>
> >> wrote:
> >> > On Friday, 13 February
On Fri, Feb 13, 2009 at 11:22 PM, Michael Schwartzkopff
wrote:
> On Friday, 13 February 2009 12:36:09, Paul Dealy wrote:
>> On Fri, Feb 13, 2009 at 10:16 PM, Michael Schwartzkopff
>>
>> wrote:
>> > On Friday, 13 February 2009 11:54:29, Paul Dealy wrote:
>> >> On Fri, Feb 13, 2009 at 9:12 PM,
On Fri, Feb 13, 2009 at 10:16 PM, Michael Schwartzkopff
wrote:
> On Friday, 13 February 2009 11:54:29, Paul Dealy wrote:
>> On Fri, Feb 13, 2009 at 9:12 PM, Michael Schwartzkopff
>>
>> wrote:
>> > On Friday, 13 February 2009 11:00:10, Paul Dealy wrote:
>> >> On Fri, Feb 13, 2009 at 6:37 PM, M
On Friday, 13 February 2009 11:54:29, Paul Dealy wrote:
> On Fri, Feb 13, 2009 at 9:12 PM, Michael Schwartzkopff
>
> wrote:
> > On Friday, 13 February 2009 11:00:10, Paul Dealy wrote:
> >> On Fri, Feb 13, 2009 at 6:37 PM, Michael Schwartzkopff
> >>
> >> wrote:
> >> > On Friday, 13 February 2
On Fri, Feb 13, 2009 at 9:12 PM, Michael Schwartzkopff
wrote:
> On Friday, 13 February 2009 11:00:10, Paul Dealy wrote:
>> On Fri, Feb 13, 2009 at 6:37 PM, Michael Schwartzkopff
>>
>> wrote:
>> > On Friday, 13 February 2009 07:17:17, Paul Dealy wrote:
>> >> I have a working radius server (ver
On Friday, 13 February 2009 11:00:10, Paul Dealy wrote:
> On Fri, Feb 13, 2009 at 6:37 PM, Michael Schwartzkopff
>
> wrote:
> > On Friday, 13 February 2009 07:17:17, Paul Dealy wrote:
> >> I have a working radius server (ver 1.1.3). which I am using for
> >> 802.1x authentication of wired swit
On Fri, Feb 13, 2009 at 6:37 PM, Michael Schwartzkopff
wrote:
> On Friday, 13 February 2009 07:17:17, Paul Dealy wrote:
>> I have a working radius server (ver 1.1.3). which I am using for
>> 802.1x authentication of wired switch ports. I would like to
>> dynamically assign users vlans. I have
On Friday, 13 February 2009 07:17:17, Paul Dealy wrote:
> I have a working radius server (ver 1.1.3). which I am using for
> 802.1x authentication of wired switch ports. I would like to
> dynamically assign users vlans. I have cisco gear and have achieved
> basic vlan allocation by configuring
Um... i think i just sent an empty response, sorry about that and thank you for
this clear explanation. i just will change my NAS!
(but i will call d-link before ).
see ya!
Joel MBA OYONE wrote:
> We all agree that association is made before authentication process, in
> order to RADIUS to be ab
Re: Re : Re : Dynamic VLAN and FreeRadius
Joel MBA OYONE wrote:
> We all agree that association is made before authentication process, in
> order to RADIUS to be able to do its stuffs. but the fact is that it
> doesn't work,
Then your NAS is broken. Buy a real NAS that supports VLAN
Joel MBA OYONE wrote:
> We all agree that association is made before authentication process, in
> order to RADIUS to be able to do its stuffs. but the fact is that it
> doesn't work,
Then your NAS is broken. Buy a real NAS that supports VLAN assignment.
> and i was wondering what would be the
Thank you Joe for your answer!
We all agree that association is made before authentication process, in order to
RADIUS to be able to do its stuffs. but the fact is that it doesn't work, and i
was wondering what would be the result if i set:
"Tunnel-Private-Group-ID = 100" (when the SSID were i am
HI Joel,
I think the issue here is that the D-Link AP's you have are rather
limited.
Radius can not ever assign an SSID because that step occurs before the
user authenticated. Wireless starts with an association from the user
to the AP's SSID from there the AP decides what needs to happe
Alan,
I possess a device from D-Link (DWS-3024). it is a wireless switch controller,
and the documentation says that:
- One SSID has to be affect to one VLAN on the profile.
- An Access point could be configured with up to 8 different SSIDs and it is
possible to affect each SSID on its own netw
Joel MBA OYONE wrote:
>> No. VLAN assignment is after SSID association, and after 802.1x
>> authentication.
>
> OK, is it possible to associate in SSID_1 and be assigned to a different
> VLAN than the we are associated in ?
That doesn't make sense. SSID's aren't tied to VLANs, unless you
con
Alan DeKok. wrote:
> No. VLAN assignment is after SSID association, and after 802.1x
> authentication.
OK, is it possible to associate in SSID_1 and be assigned to a different VLAN
than the we are associated in ? (example, when i am associated to SSID_1, which
belongs to VLAN100, RADIUS s
Joel MBA OYONE wrote:
> So if SSID "friend" is assigned to VLAN 100, the end-user will associate
> with that SSID, right??
No. VLAN assignment is after SSID association, and after 802.1x
authentication.
Alan DeKok.
> for example, a Cisco device would want the tunnel medium type, type and
> private group id
Tunnel-Medium-Type = "IEEE-802"
Tunnel-Type = "VLAN"
Tunnel-Private-Group-Id = "100"
> this would tell the NAS to put the user onto VLAN 100
So if SSID "friend" is assigned to VLAN 100, the end
Hi,
> I am trying to get the RADIUS server to not only authenticating the
> supplicant, but providing the NAS with a VLAN ID. I have tried certain
> resources and haven't been able to receive the VLAN ID. Can any provide any
> help in this area?
depends on your NAR - you need to send back the cor
William E. Russell wrote:
> All,
>
> I am trying to get the RADIUS server to not only authenticating the
> supplicant, but providing the NAS with a VLAN ID. I have tried certain
> resources and haven't been able to receive the VLAN ID. Can any provide any
> help in this area?
>
> Thanks
>
>
>
Hi
That could be the solution for my problem, because I didn't find one
installed on the system. But where can I download this dictionary? :S
On 06.06.2007 at 08:28, Jan Schermer / ET NETERA wrote:
> Hi,
> I was just trying to do the same thing - the device has to support
> the VLAN settings
Hi,
I was just trying to do the same thing - the device has to support the VLAN settings from Radius, otherwise you are screwed :-(
download the radius dictionary for powerconnect 3448 and look if the parameters are in here - in my case they were not and got
ignored as well...
Jan Schermer
Li
Restricts as much as the static VLAN can.
No, our wireless clients have to use VPN(PPTP) if they want Internet mail
etc. Local traffic (game servers etc.) is left wild with only bandwidth
restrictions.
Ivan Kalik
Kalik Informatika ISP
On 30/5/2007, "Jan Schermer / ET NETERA" <[EMAIL PROTECTED
Do you use this scenario? Does Mikrotik really restrict each user to the given
VLAN?
Thanks
Jan Schermer
Linux Administrator
ET NETERA | smart e-business solutions
[EMAIL PROTECTED]
+420 60805
~
[ www.ahold.cz | www.annonce.cz | www.datart.cz ]
[ www.knizniweb.cz | www.siemens.cz |
Jan Schermer / ET NETERA wrote:
> Hi,
> I want to tag VLANs on the wireless AP (Mikrotik OS) according to radius
> criteria (type of autentization, DN in certificate etc.). Does someone
> here have experience with that?
> It seems easy enough to do on the freeradius side, but how is this
> suppo
/interface vlan > create VLAN names, IDs and bind to physical interface
/ip address > assign IP subnets to VLAN interfaces (names)
VLANS can only enhance security.
Ivan Kalik
Kalik Informatika ISP
On 30/5/2007, "Jan Schermer / ET NETERA" <[EMAIL PROTECTED]>
wrote:
>Hi,
>I want to tag VLANs on
Robert wrote:
> I can plug a computer into the switch, have the switch grab the MAC
> addy, pass it to FR, hit the DB and return what VLAN that MAC belongs
> to, and then have the switch configure to port to the correct VLAN.
>
> Now the complication that I'm facing is that in our environment, a M
Phil Mayers wrote:
> Robert wrote:
>
>> Hello all,
>>
>> I currently have FR running and happily doing MAC authentication against
>> a MYSQL DB.
>>
>> I can plug a computer into the switch, have the switch grab the MAC
>> addy, pass it to FR, hit the DB and return what VLAN that MAC belongs
>>
Robert wrote:
> Hello all,
>
> I currently have FR running and happily doing MAC authentication against
> a MYSQL DB.
>
> I can plug a computer into the switch, have the switch grab the MAC
> addy, pass it to FR, hit the DB and return what VLAN that MAC belongs
> to, and then have the switch con
Hi,
> What I need is a way FR can not only match the MAC to a VLAN, but also
> to cross reference that result to the VLANs that are available from the
> requesting switch.
either use larger queries or use an external perl or php script to do the work
in your DB you'd need to add a few more colu
Why not use public secure password forwarding?
" Public Secure Packet Forwarding (PSPF) prevents client devices
associated to an access point from inadvertently sharing files or
communicating with other client devices associated to the access point.
It provides Internet access to client devic
er [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 25, 2004 10:42 AM
To: [EMAIL PROTECTED]
Subject: Re: Dynamic VLAN assignment
well, i thought Dan was speaking about a new VLAN per user not per AP.
this is possible with Cisco APs. as far as i know, 1200 and 1100 can do
trunking.
ciao
artur
Wil
:-)
ok, though i don't know what these magic private VLANs would be
technically... with VLANs either you mark ports or you mark packets.
what can they do in an AP? they can mark the port where it's plugged in
as VLANx or they can make the AP send packets marked as appertaining to
VLANx...
well
: Artur Hecker [mailto:[EMAIL PROTECTED]
Sent: Monday, May 24, 2004 5:40 PM
To: [EMAIL PROTECTED]
Subject: Re: Dynamic VLAN assignment
i don't know, but i would say execute an external program which reads a
VLAN list file and attributes and marks as used the next unused VLAN.
but you will end up