>I have been having trouble recently with getting dynamic VLAN >assignment working on my Cisco AP. Clients are successfully >authenticating with FreeRADIUS. However, they do not seem to be >picking up extra attributes from the "users" file (below is the >relevant portion of it). > >wgraeber NT-Password := "XXX" > Tunnel-Type = VLAN, > Tunnel-Medium-Type = 802, > Tunnel-Private-Group-ID = 100 > >The users are just directed to their original VLAN instead of this >portion overriding it. When I try to authenticate to the access point >with "radtest," I get the following output: > ># radtest wgraeber XXX 127.0.0.1 10 XXX >Sending Access-Request of id 42 to 127.0.0.1 port 1812 > User-Name = "wgraeber" > User-Password = "XXX" > NAS-IP-Address = 127.0.0.1 > NAS-Port = 10 >rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=42, length=37 > Tunnel-Type:0 = VLAN > Tunnel-Medium-Type:0 = 802 > Tunnel-Private-Group-Id:0 = "100" > >Furthermore, the Tunnel-Type, Tunnel-Medium-Type, and >Tunnel-Private-Group-Id attributes in the console when actually >authenticating and watching the output of "radiusd -X" on another >machine. The access point *should* support this out of the box >according to the Cisco specs. This is my first FreeRADIUS >implementation, so I don't know if I'm missing any magic options. >
You have done what you were suposed to on freeradius. Do debug aaa on Cisco and see what has happened to the attributes. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
