hello,
still with the same issue about vlan assignment.
so to sum up
In my users file:
doctorCleartext-Password := mypass
cisco-avpair= tunnel-type(#64)=VLAN(13),
cisco-avpair= tunnel-medium-type(#65) = 802 media(6),
means vlan is not communicated between the
freeradius and switch, but we don't know why
2010/3/4 omega bk omeg...@gmail.com
hello,
still with the same issue about vlan assignment.
so to sum up
In my users file:
doctorCleartext-Password := mypass
yet
} # server inner-tunnel
[peap] Got tunneled reply code 2
Service-Type = Framed-User
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = 802
Tunnel-Private-Group-Id:0 = 120
EAP-Message = 0x030b0004
Message-Authenticator = 0x
User-Name =
this is my show logging on my switch, means that the switch doesn't receive
a radius vlan attribute:
Log Buffer (4096 bytes):
Recv-Key [17] 52 *
02:13:40: RADIUS: Vendor, Microsoft [26] 58
02:13:40: RADIUS: MS-MPPE-Send-Key [16] 52 *
02:13:40: RADIUS: EAP-Message [79] 6
ok, it works now.
it was Tunnel-Medium-type = IEEE-802 instead of 802 only.
Now i can assign the sucessfull authenticated VLAN.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
omega bk omeg...@gmail.com writes:
Hi,
so i would like to redirect my winxp authenticated to VLAN1 and if not
authenticated , this client must be in vlan2
i got a switch cisco
so how to handla this with freeradius?
Depends on how you do the authentication:
Using certificates (either
Am Mittwoch, 3. März 2010 15:34:56 schrieb Jens Link:
omega bk omeg...@gmail.com writes:
Hi,
so i would like to redirect my winxp authenticated to VLAN1 and if not
authenticated , this client must be in vlan2
i got a switch cisco
so how to handla this with freeradius?
Depends on
in fact,
i got my client wired with winxp and authentication works well in 802.1x
this client is connected directly in my switch trough vlan3
i would like dynamically assign a successfull authentication trough vlan2
and faillure authentication to vlan1
autthentication is based in users file
Hi,
Hello,
so i would like to redirect my winxp authenticated to VLAN1 and if not
authenticated , this client must be in vlan2
i got a switch cisco
so how to handla this with freeradius?
read the cisco docs on dealing with 802.1X.
you should never use VLAN1 for users - most would
Am Mittwoch, 3. März 2010 15:45:56 schrieb omega bk:
in fact,
i got my client wired with winxp and authentication works well in 802.1x
this client is connected directly in my switch trough vlan3
i would like dynamically assign a successfull authentication trough vlan2
and faillure
2) set the switch to use RADIUS return attributes for VLAN (and for
session time etc)
and set the fail VLAN and guest VLAN to Y = that's really what i want to
do so in my users file
myuser Cleartext-Password := user
Tunnel-type = VLAN,
On 03/03/2010 03:01 PM, omega bk wrote:
2) set the switch to use RADIUS return attributes for VLAN (and for
session time etc)
and set the fail VLAN and guest VLAN to Y = that's really what i want
to do so in my users file
myuser Cleartext-Password := user
Tunnel-type
On Wed, Mar 3, 2010 at 10:44 AM, Phil Mayers p.may...@imperial.ac.uk wrote:
but how to set the fail VLAN and guest VLAN to Y ???
Setting the Fail and Guest VLAN by radius doesn't make any sense.
The Fail vlan is what to use when the radius server is unavailable.
The Guest vlan is what to do
Jens Link wrote:
@Alan: I would document VMPS in some more detail in the wiki if my
access would be working. ;-)
It seems to be fine now.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
14 matches
Mail list logo
