Hi,
I know this subject have been brought up but I'm kind of stuck and I hope
I can get a little help.
I am trying to assign vlans from freeradius to a cisco 3550 switch but its
not working.
I keep getting the following in the debug in the switch:
3w6d: RADIUS:
Hi Alan and thanks for your reply,
I changed it as you suggested and I still got the same behavior:
Users
wassim Cleartext-Password := wassim
Tunnel-Medium-Type = IEEE-802,
Tunnel-Type = VLAN,
Tunnel-Private-Group-Id = 100
Radiusd -X:
# Executing section post-auth from
On 04/25/2012 08:52 AM, Wassim Zaarour wrote:
Hi Alan and thanks for your reply,
I changed it as you suggested and I still got the same behavior:
You're sending the right replies; the problem is with the NAS. Suggest
you consult the Cisco docs.
The 3550 is an older switch; are you sure it
Hi Phil,
Look at this
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg40162.
html
The user says that it worked, I tried the attributes he used and still got
the same error.
On 4/25/12 11:10 AM, Phil Mayers p.may...@imperial.ac.uk wrote:
On 04/25/2012 08:52 AM,
@lists.freeradius.org
[mailto:freeradius-users-bounces+davidp=wirelessconnections.net@lists.freera
dius.org] On Behalf Of Wassim Zaarour
Sent: Wednesday, April 25, 2012 1:56 AM
To: FreeRadius users mailing list
Subject: Assign VLAN from freeradius to Cisco 3550 switch.
Hi all,
I know this subject have been
On 25/04/12 09:28, Wassim Zaarour wrote:
Hi Phil,
Look at this
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg40162.
html
The user says that it worked, I tried the attributes he used and still got
the same error.
Then logically, the problem is at your end. Check the
: Wednesday, April 25, 2012 1:50 PM
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Subject: RE: Assign VLAN from freeradius to Cisco 3550 switch.
I am seeing EAP in the messages. Have you enabled EAP in your inner-tunnel
or at all in your config?
Either way this seems pretty
Wassim Zaarour wrote:
Look at this
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg40162.html
The user says that it worked, I tried the attributes he used and still got
the same error.
I don't even know how this was ever working for that user. On my wired switch
Hi Brian,
Thanks for your reply, where do I exactly need to put this configuration?
In the users file?
Do you have any experience with the 2960 switches?
Wassim
On 4/25/12 4:07 PM, Brian Julin bju...@clarku.edu wrote:
Wassim Zaarour wrote:
Look at this
Hi,
Thanks for your reply, where do I exactly need to put this configuration?
In the users file?
I can tell you right now that you dont need that hack to assign VLANs on cisco
switches (well, not if you are running reasonably up to date firmware on the
cisco devices anyway - ie something less
Alan Buxley wrote
I can tell you right now that you dont need that hack to assign VLANs on cisco
switches (well, not if you are running reasonably up to date firmware on the
cisco devices anyway - ie something less than 2 years old)
The latest public firmware for the 3550 is 3+ years old,
hello,
still with the same issue about vlan assignment.
so to sum up
In my users file:
doctorCleartext-Password := mypass
cisco-avpair= tunnel-type(#64)=VLAN(13),
cisco-avpair= tunnel-medium-type(#65) = 802 media(6),
means vlan is not communicated between the
freeradius and switch, but we don't know why
2010/3/4 omega bk omeg...@gmail.com
hello,
still with the same issue about vlan assignment.
so to sum up
In my users file:
doctorCleartext-Password := mypass
authentication was successful.
[peap] SUCCESS
[peap] Saving tunneled attributes for later
means freeradius sent correctly VLAN attributes, but switch doesn't received
them.
Any one can help me?
2010/3/4 omega bk omeg...@gmail.com
means vlan is not communicated between the
freeradius and switch
this is my show logging on my switch, means that the switch doesn't receive
a radius vlan attribute:
Log Buffer (4096 bytes):
Recv-Key [17] 52 *
02:13:40: RADIUS: Vendor, Microsoft [26] 58
02:13:40: RADIUS: MS-MPPE-Send-Key [16] 52 *
02:13:40: RADIUS: EAP-Message [79] 6
ok, it works now.
it was Tunnel-Medium-type = IEEE-802 instead of 802 only.
Now i can assign the sucessfull authenticated VLAN.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
so i would like to redirect my winxp authenticated to VLAN1 and if not
authenticated , this client must be in vlan2
i got a switch cisco
so how to handla this with freeradius?
thank u
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
omega bk omeg...@gmail.com writes:
Hi,
so i would like to redirect my winxp authenticated to VLAN1 and if not
authenticated , this client must be in vlan2
i got a switch cisco
so how to handla this with freeradius?
Depends on how you do the authentication:
Using certificates (either
Am Mittwoch, 3. März 2010 15:34:56 schrieb Jens Link:
omega bk omeg...@gmail.com writes:
Hi,
so i would like to redirect my winxp authenticated to VLAN1 and if not
authenticated , this client must be in vlan2
i got a switch cisco
so how to handla this with freeradius?
Depends on
in fact,
i got my client wired with winxp and authentication works well in 802.1x
this client is connected directly in my switch trough vlan3
i would like dynamically assign a successfull authentication trough vlan2
and faillure authentication to vlan1
autthentication is based in users file
Hi,
Hello,
so i would like to redirect my winxp authenticated to VLAN1 and if not
authenticated , this client must be in vlan2
i got a switch cisco
so how to handla this with freeradius?
read the cisco docs on dealing with 802.1X.
you should never use VLAN1 for users - most would
Am Mittwoch, 3. März 2010 15:45:56 schrieb omega bk:
in fact,
i got my client wired with winxp and authentication works well in 802.1x
this client is connected directly in my switch trough vlan3
i would like dynamically assign a successfull authentication trough vlan2
and faillure
2) set the switch to use RADIUS return attributes for VLAN (and for
session time etc)
and set the fail VLAN and guest VLAN to Y = that's really what i want to
do so in my users file
myuser Cleartext-Password := user
Tunnel-type = VLAN,
On 03/03/2010 03:01 PM, omega bk wrote:
2) set the switch to use RADIUS return attributes for VLAN (and for
session time etc)
and set the fail VLAN and guest VLAN to Y = that's really what i want
to do so in my users file
myuser Cleartext-Password := user
Tunnel-type
On Wed, Mar 3, 2010 at 10:44 AM, Phil Mayers p.may...@imperial.ac.uk wrote:
but how to set the fail VLAN and guest VLAN to Y ???
Setting the Fail and Guest VLAN by radius doesn't make any sense.
The Fail vlan is what to use when the radius server is unavailable.
The Guest vlan is what to do
Jens Link wrote:
@Alan: I would document VMPS in some more detail in the wiki if my
access would be working. ;-)
It seems to be fine now.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Joel MBA OYONE wrote:
So if SSID friend is assigned to VLAN 100, the end-user will associate
with that SSID, right??
No. VLAN assignment is after SSID association, and after 802.1x
authentication.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok. wrote:
No. VLAN assignment is after SSID association, and after 802.1x
authentication.
OK, is it possible to associate in SSID_1 and be assigned to a different VLAN
than the we are associated in ? (exemple, when i am associated to SSID_1, which
belongs to VLAN100, RADIUS
Joel MBA OYONE wrote:
No. VLAN assignment is after SSID association, and after 802.1x
authentication.
OK, is it possible to associate in SSID_1 and be assigned to a different
VLAN than the we are associated in ?
That doesn't make sense. SSID's aren't tied to VLANs, unless you
configure
Alan,
I possess a device from D-Link (DWS-3024). it is a wireless switch controler,
and the documentation says that:
- One SSID has to be affect to one VLAN on the profile.
- An Access point could be configured with up to 8 ifferent SSIDs and it is
possible to affect each SSID on its own
HI Joel,
I think the issue here is that the D-Link AP's you have are rather
limited.
Radius can not ever assign an SSID because that step occurs before the
user authenticated. Wireless starts with an association from the user
to the AP's SSID from there the AP decides what needs to
Thank you Joe for your answer!
We all agree that assocation is made before authentication process, in order to
RADIUS to be able to do its stuffs. but the fact is that it doesn't work, and i
was wondering what would be the result if i set:
Tunnel-Private-Group-ID = 100 (when the SSID were i am
Joel MBA OYONE wrote:
We all agree that assocation is made before authentication process, in
order to RADIUS to be able to do its stuffs. but the fact is that it
doesn't work,
Then your NAS is broken. Buy a real NAS that supports VLAN assignment.
and i was wondering what would be the
, 17h37mn 46s
Objet : Re: Re : Re : Dynamic VLAN and FreeRadius
Joel MBA OYONE wrote:
We all agree that assocation is made before authentication process, in
order to RADIUS to be able to do its stuffs. but the fact is that it
doesn't work,
Then your NAS is broken. Buy a real NAS that supports VLAN
Um... i think i just sent an empty response, sorry about that and thank you for
this clear explanation. i just will change my NAS!
(but i will call d-link before ).
see ya!
Joel MBA OYONE wrote:
We all agree that assocation is made before authentication process, in
order to RADIUS to be
Hi,
I am trying to get the RADIUS server to not only authenticating the
supplicant, but providing the NAS with a VLAN ID. I have tried certain
resources and haven't been able to receive the VLAN ID. Can any provide any
help in this area?
depends on your NAR - you need to send back the
All,
I am trying to get the RADIUS server to not only authenticating the
supplicant, but providing the NAS with a VLAN ID. I have tried certain
resources and haven't been able to receive the VLAN ID. Can any provide any
help in this area?
Thanks
William E. W. Russell
Member of Technical Staff
William E. Russell schrieb:
All,
I am trying to get the RADIUS server to not only authenticating the
supplicant, but providing the NAS with a VLAN ID. I have tried certain
resources and haven't been able to receive the VLAN ID. Can any provide any
help in this area?
Thanks
William
On Thu, 27 Jan 2005, Dean Michaels wrote:
To support radius assigned vlans, you need to supply the AP with
Tunnel-Type, Tunnel-Medium-Type, and Tunnel-Private-Group-ID replies.
For wireless networks, use these values in the radius profiles.
Tunnel-Medium-Type = 802
Tunnel-Type = VLAN
Hello,
Iam trying to configure My Cisco 1100 AP to use differentSSID's and
VLAN's. There is a default SSID and the definite one must be given from
freeradius as a result of the authentication process.
As authentication is done with LDAP, I have modified ldap.attrmap to read the
value,
Alejandro
-Mensaje original-De:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]En nombre de
Alejandro Martínez MarcosEnviado el: jueves, 27 de enero de
2005 12:29Para: Freeradius-UsersAsunto: Reading VLAN
from FreeRadius and sending it to Cisco AP
Hello,
Iam trying to co
To support radius assigned vlans, you need to supply the AP with
Tunnel-Type, Tunnel-Medium-Type, and Tunnel-Private-Group-ID replies.
For wireless networks, use these values in the radius profiles.
Tunnel-Medium-Type = 802
Tunnel-Type = VLAN
Tunnel-Private-Group-ID = vlan-id
-
List
42 matches
Mail list logo
