Hi, yes thank you, that is the guide I have been following.

And as that guide highlights, the switch needs a 'bit string', not a decimal number; "The value of Egress-VLANID is a bit string, the first 8 bits specify whether the VLAN is tagged or untagged and must be either 0x31 (tagged) or 0x32 (untagged). The next 12 bits are padding 0x000, and the final 12 bits are the VLAN ID as an integer value."

Thus I need; 'Egress-VLANID = 0x31000013' in the FreeRADIUS reply

But FreeRADIUS is NOT sending that bit string, it is sending;

Sending Access-Accept of id 41 to 10.0.0.242 port 1812
        Framed-Protocol = PPP
        Framed-Compression = Van-Jacobson-TCP-IP
        Egress-VLANID = 822083602
        HP-Cos = "3"
Finished request 18.

I have stored the HEX string in OpenLDAP with various data types, but FreeRADIUS always converts the number to the decimal equivalent (822083602), which is out of range for the switch?

How can I stop this conversion?

HPO switch debug;
0049:03:34:00.18 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd new client detected on vid: 11.
0049:03:34:00.18 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd RADIUS CHAP authentication started, session: 2985.
0049:03:34:00.20 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd vid attribute error during RADIUS processing.
0049:03:34:00.20 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd client rejected, session: 2985, invalid attributes.
0049:03:34:00.20 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd client authentication failed, login retry count: 1 >= max-retires: 0, no unauth-vid configured, entering quiet-period: 30 seconds.
W 08/06/13 09:45:58 02400 dca: macAuth client, RADIUS-assigned VID validation error. MAC 080027E4B2CD port 29 VLAN-Id 0 or unknown.

Thanks, Andy.



On Mon 05 Aug 2013 23:59:36 BST, Arran Cudbard-Bell wrote:

On 5 Aug 2013, at 23:39, Andy <a...@brandwatch.com> wrote:

Hello,

This is my first post here so please excuse any missed etiquette.

I have read through the wikis and googled a lot and not found anything.

http://wiki.freeradius.org/vendor/HP#RFC-4675-(multiple-tagged/untagged-VLAN)-Assignment

*sigh*

I have been trying to configure our switch ports (HP 2910al) with Tagged
VLANs via Egress-VLANID and Egress-VLAN-Name.

The Radius backend is OpenLDAP, and I have tried setting the data
type in OpenLDAP to binary, UTF-8 and IA5, but no matter what I do,
the value returned by RADIUS is the decimal equivalent of the HEX bit
string I enter :(

For example I'm trying to store and send 0x31000012 to indicate a
tagged VLAN (0x31) on VLAN 12. But looking at freeradius -X output I
can see it sending the decimal number, when the switch wants the bit
string as it was stored, and hence throws an error!

No. The HP switch does not care that FreeRADIUS displayed (but later
encoded correctly) your hex string as an integer.

It does care that you don't seem to understand how to convert decimal
numbers to hex and are actually specifying VLAN 18 tagged, which
probably doesn't exist if you're getting errors.

You want 0x3100000C for VLAN 12 tagged.

-Arran



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
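
Added example, not part of the original thread or of FreeRADIUS: a small Python encoder/decoder for the Egress-VLANID layout quoted above (8-bit tag octet, 12 padding bits, 12-bit VLAN ID), showing that the decimal number in the debug output and the hex string are the same 32-bit value. The function names are this example's own, and the 1-4094 range check is the standard 802.1Q usable range rather than something stated in the thread.

```python
import struct

TAGGED, UNTAGGED = 0x31, 0x32  # first-octet values quoted from the HP guide in the thread

def encode_egress_vlanid(vlan_id, tagged=True):
    """Build the 32-bit value: 8-bit tag flag, 12 zero padding bits, 12-bit VLAN ID."""
    if not 1 <= vlan_id <= 4094:  # usable 802.1Q VLAN IDs; 0 and 4095 are reserved
        raise ValueError(f"VLAN ID {vlan_id} outside 1-4094")
    return ((TAGGED if tagged else UNTAGGED) << 24) | vlan_id

def decode_egress_vlanid(value):
    """Decode an int, a decimal string or a 0x-prefixed hex string into its fields."""
    if isinstance(value, str):
        value = int(value, 0)  # base 0 accepts both "822083602" and "0x31000012"
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit value")
    flag, padding, vlan_id = value >> 24, (value >> 12) & 0xFFF, value & 0xFFF
    if flag not in (TAGGED, UNTAGGED):
        raise ValueError(f"tag octet 0x{flag:02X} is neither 0x31 nor 0x32")
    if padding:
        raise ValueError("padding bits are not zero")
    return {
        "tagged": flag == TAGGED,
        "vlan_id": vlan_id,
        "hex": f"0x{value:08X}",
        "decimal": value,
        "wire": struct.pack("!I", value),  # the four octets carried in the attribute
    }

if __name__ == "__main__":
    # Values taken from the thread, plus VLAN 12 tagged built from its decimal ID.
    for sample in (822083602, "0x31000013", encode_egress_vlanid(12)):
        print(sample, "->", decode_egress_vlanid(sample))
```

Decoding 822083602 gives hex 0x31000012 and VLAN ID 18, and encoding VLAN 12 tagged gives 0x3100000C.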

