I really think the VLAN assignment problem is related to your EX4200 VC. FreeRadius had done its job. You probably have to contact JTAC. BTW, which version of JUNOS are you running on the EX4200 VC? The latest version JTAC recommended is 10.0S6.1. Hope this will help.
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of [email protected]
Sent: August 10, 2010 1:11 PM
To: [email protected]
Subject: RE: RE: MAC based authentication

Phil Mayers wrote:
> You've enabled 802.1x, not MAC-based VLANs. You'll need to configure 802.1x
> at the servers or configure MAC-based auth at the switch.

I thought I had. Indeed authentication is working now, however the switch doesn't assign clients to the VLAN the RADIUS server instructs to. Maybe off-topic, but would you mind giving me a hint?

The EX monitor output gives me:

    Aug 10 17:57:42.740610 Processing authentication response complete
    Aug 10 17:57:42.740657 authentication client
    Aug 10 17:57:42.740723 Sending message to authentication client
    Aug 10 17:57:42.742750 Received message from authentication client
    Aug 10 17:57:42.742815 reply: 1aba028 rply_hdr: 1abc000 bytes_remnant :0 len:2757 reply_len:2757
    Aug 10 17:57:42.742845 hdr_bytes_read 0
    Aug 10 17:57:42.742865 len read : 28 reply_len: 2735
    Aug 10 17:57:42.742917 bytes_remnant 2707 tot_bytes_read 28
    Aug 10 17:57:42.742954 bytes_read 2707
    Aug 10 17:57:42.742974 Creating background job to process reply from authentication client
    Aug 10 17:57:42.743103 Entering background job to process message from authentication client
    Aug 10 17:57:42.743132 process_auth_reply len:2735
    Aug 10 17:57:42.743157 Received VLAN ID/name 110 from authentication server
    Aug 10 17:57:42.743199 Invoking state machine for authentication response for mac address AA:00:00:7F:9C:90
    Aug 10 17:57:42.743223 on intf ge-1/0/4.0
    ...

and

    r...@ex4200-vc> show dot1x interface
    802.1X Information:
    Interface     Role            State           MAC address          User
    ge-1/0/4.0    Authenticator   Authenticated   AA:00:00:7F:9C:90    aa00007f9c90

However:

    r...@ex4200-vc> show vlans PRIV0
    Name      Tag   Interfaces
    PRIV0     110   None

    r...@ex4200-vc> show vlans default
    Name      Tag   Interfaces
    default         ge-1/0/4.0*, ge-1/0/5.0*

That's odd, since I think I did everything appropriate.
A snippet from the configuration:

    interfaces {
        ...
        ge-1/0/4 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ge-1/0/5 {
            unit 0 {
                family ethernet-switching;
            }
        }
        ...
    protocols {
        ...
        dot1x {
            traceoptions {
                file dot1x;
                flag state;
                flag dot1x-debug;
            }
            authenticator {
                authentication-profile-name auth;
                interface {
                    ge-1/0/4.0 {
                        supplicant multiple;
                        mac-radius {
                            restrict;
                        }
                    }
                    ge-1/0/5.0 {
                        supplicant multiple;
                        mac-radius {
                            restrict;
                        }
                    }
                }
            }
        ...
    access {
        radius-server {
            10.10.10.10 {
                ...
            }
        }
        profile auth {
            authentication-order radius;
            radius {
                authentication-server 10.10.10.10;
            }
        }
    }
    vlans {
        ...
        PRIV0 {
            vlan-id 110;
        }
    }

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

