use-tunneled-reply = yes is already set in peap section in eap.conf The config on our switch look like this:
[uac_quid002]dis cur sysname uac_quid002 # radius nas-ip 192.168.100.5 # domain default enable uacdom # dhcp-server 1 ip 192.168.100.2 dhcp-server 2 ip 192.168.5.1 # dot1x dot1x authentication-method eap # radius scheme system radius scheme uac_aaa server-type standard primary authentication 172.21.0.10 primary accounting 172.21.0.10 key authentication xxxxx key accounting xxxxxx user-name-format without-domain nas-ip 192.168.100.5 # domain system scheme radius-scheme uac_aaa authentication radius-scheme uac_aaa domain uacdom scheme radius-scheme uac_aaa authentication radius-scheme uac_aaa # local-user admin password simple xxxxxx service-type telnet level 3 # vlan 1 # vlan 2 name students # vlan 3 name STAFF # # interface Vlan-interface1 ip address 192.168.100.5 255.255.255.0 # interface Vlan-interface2 ip address 192.168.5.5 255.255.255.0 # interface Vlan-interface3 ip address 10.3.0.2 255.255.0.0 # interface Vlan-interface4 ip address 10.4.0.2 255.255.0.0 # # interface Ethernet1/0/1 port link-type hybrid port hybrid vlan 1 to 4 tagged dot1x port-method portbased dot1x guest-vlan 1 dot1x # interface Ethernet1/0/2 dot1x port-method portbased # interface Ethernet1/0/3 dot1x port-method portbased dot1x guest-vlan 1 # interface Ethernet1/0/4 port link-type hybrid port hybrid vlan 1 to 4 tagged dot1x port-method portbased dot1x guest-vlan 1 dot1x # interface Ethernet1/0/5 port link-type hybrid port hybrid vlan 1 to 4 tagged dot1x port-method portbased dot1x guest-vlan 1 dot1x # interface Ethernet1/0/10 port link-type trunk port trunk permit vlan 1 to 4 dot1x port-method portbased dot1x guest-vlan 1 # the detailed domain setting is as follow: [uac_quid002]dis domain uacdom The contents of Domain uacdom: State = Active RADIUS Scheme = uac_aaa Authentication : RADIUS Scheme = uac_aaa Access-limit = Disable Vlan-assignment-mode = Integer Domain User Template: Idle-cut = Disable Self-service = Disable Messenger Time = Disable so Vlan-assignment-mode is Integer. Where are the tricks? ________________________________ De : Guk Victor <[email protected]> À : [email protected] Envoyé le : Mardi, 23 Juin 2009, 15h23mn 40s Objet : Re: Re : Re : Re : Re : Radius+Huwaei switch + auto VLan, Assignment issue You will place use-tunneled-reply=yes in peap config. This is right config 3Com 4500(V3.03.00): # domain default enable company # dot1x dot1x authentication-method eap undo dot1x handshake enable # radius scheme Radius server-type extended primary authentication x.x.x.x primary accounting x.x.x.x key authentication qwerty key accounting qwerty user-name-format without-domain # domain company scheme radius-scheme Radius vlan-assignment-mode string accounting optional # # interface Ethernet1/0/1 stp edged-port enable broadcast-suppression pps 3000 packet-filter inbound link-group 4999 rule 0 dot1x port-method portbased dot1x # File "users": username Tunnel-Type = VLAN Tunnel-Medium-Type = IEEE-802 Tunnel-Private-Group-ID = "2" - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
