> >How you see this is the configuration from my switch. >In the file users I have the following configuration. >+++++++++++++++++++++++++++++++++++++++++++++ >carlos User-Password == "carlos" > Service-Type = Framed-User, > Tunnel-Type = VLAN, > Tunnel-Medium-Type = IEEE-802, > Tunnel-Private-Group-Id = 2 > >saul User-Password == "saul" > Service-Type = Framed-User, > Tunnel-Type = VLAN, > Tunnel-Medium-Type = IEEE-802, > Tunnel-Private-Group-ID = 4 > >+++++++++++++++++++++++++++++++++++++++++++++ > >Now the problem is that: The PC client (WindowsXP) is connected to the >port 17 for that it is included in the vlan 4. When I intro the user: >carlos and his password: carlos it shouldn't autenticate becauses it >user is asigned to the vlan 2. But the problem is that the user is >autenticate and has access to the vlan4. > >My conclution is that: Tunnel-Type = VLAN, > Tunnel-Medium-Type = IEEE-802, > Tunnel-Private-Group-Id = 2 >don work.
Your conclusion is most likely wrong. It sounds like you don't have dynamic VLANs. Tunnel attributes will then get ignored and only username & password will be relevant. So client will connect. Tunnel attributes are sent in the reply to the switch. If the switch doesn't support dynamic VLAN assignment ... Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
