Tom was correct, and I have changed the Tunnel-Medium-Type to "6". The corresponding radtest output shows it is correctly translated to "IEEE-802". However, I am still not bumped into the correct VLAN. In the Cisco debug logs, I see these lines:
*Mar 1 00:09:30.630: AAA/ATTR(00000000): add attr: 0125E6C0 0 00000001 tunnel-medium-type(336) 4 ALL_802 *Mar 1 00:09:30.630: AAA/ATTR(00000000): add attr: 0125E6D4 0 00000001 tunnel-type(344) 4 VLAN *Mar 1 00:09:30.630: AAA/ATTR(00000000): add attr: 0125E6E8 0 00000009 tunnel-private-group-id(297) 3 100 *Mar 1 00:09:30.634: AAA/ATTR(0000000B): del attr: 0125E6C0 0 00000001 tunnel-medium-type(336) 4 ALL_802 *Mar 1 00:09:30.634: AAA/ATTR(0000000B): del attr: 0125E6D4 0 00000001 tunnel-type(344) 4 VLAN *Mar 1 00:09:30.634: AAA/ATTR(0000000B): del attr: 0125E6E8 0 00000009 tunnel-private-group-id(297) 3 100 The full log may be viewed at: http://dpaste.com/112610/ Also, I have posted my eap.conf here: http://dpaste.com/112615/ and radius.conf here: http://dpaste.com/112616/ and I don't think anyone would need it, but here is clients.conf as well: http://dpaste.com/112618/ I am using FreeRADIUS version 2.0.5 on OpenBSD 4.4. I'm sure that there is something simple that I am missing, but I'm new to both the RADIUS protocol and Cisco access points. I luckily was able to score several 1130ag's cheap for personal use during an auction from the presidential campaign. Thanks again, William On Fri, Jan 23, 2009 at 11:30, <[email protected]> wrote: >>I have been having trouble recently with getting dynamic VLAN >>assignment working on my Cisco AP. Clients are successfully >>authenticating with FreeRADIUS. However, they do not seem to be >>picking up extra attributes from the "users" file (below is the >>relevant portion of it). >> >>wgraeber NT-Password := "XXX" >> Tunnel-Type = VLAN, >> Tunnel-Medium-Type = 802, >> Tunnel-Private-Group-ID = 100 >> >>The users are just directed to their original VLAN instead of this >>portion overriding it. When I try to authenticate to the access point >>with "radtest," I get the following output: >> >># radtest wgraeber XXX 127.0.0.1 10 XXX >>Sending Access-Request of id 42 to 127.0.0.1 port 1812 >> User-Name = "wgraeber" >> User-Password = "XXX" >> NAS-IP-Address = 127.0.0.1 >> NAS-Port = 10 >>rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=42, length=37 >> Tunnel-Type:0 = VLAN >> Tunnel-Medium-Type:0 = 802 >> Tunnel-Private-Group-Id:0 = "100" >> >>Furthermore, the Tunnel-Type, Tunnel-Medium-Type, and >>Tunnel-Private-Group-Id attributes in the console when actually >>authenticating and watching the output of "radiusd -X" on another >>machine. The access point *should* support this out of the box >>according to the Cisco specs. This is my first FreeRADIUS >>implementation, so I don't know if I'm missing any magic options. >> > > You have done what you were suposed to on freeradius. Do debug aaa on > Cisco and see what has happened to the attributes. > > Ivan Kalik > Kalik Informatika ISP > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
