It still doesn't work :(
Sorry but I have been working on RFC 4675 for a long time before I
emailed this list, which is why I was a bit short in my first reply
(sorry) and jumped the gun before reading all of your email. I /really/
have trawled every page I can find..
I have changed OpenLDAP to 0x3100000C (thanks for pointing that silly
mistake out), and I get a reply from FreeRADIUS with;
Sending Access-Accept of id 48 to 10.0.0.242 port 1812
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
Egress-VLAN-Name = "VLAN12"
Egress-VLANID = 822083596
HP-Cos = "3"
Finished request 1.
And on the switch I have defined the VLAN;
vlan 12
name "VLAN12"
ip address 10.2.46.242 255.255.255.0
ip helper-address 10.0.0.1
ip igmp
exit
But I still get the error on the switch;
0049:03:54:30.02 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd new client detected on vid: 1.
0049:03:54:30.02 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd RADIUS CHAP authentication started, session: 2991.
0049:03:54:30.04 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd vid attribute error during RADIUS processing.
0049:03:54:30.04 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd client rejected, session: 2991, invalid attributes.
0049:03:54:30.04 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd client authentication failed, login retry count: 1 >= max-retires: 0, no unauth-vid configured, entering quiet-period: 30 seconds.
W 08/06/13 10:06:28 02400 dca: macAuth client, RADIUS-assigned VID validation error. MAC 080027E4B2CD port 29 VLAN-Id 0 or unknown.
I can get RFC 3580 to work fine with the following;
Sending Access-Accept of id 50 to 10.0.0.242 port 1812
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
HP-Cos = "3"
Tunnel-Private-Group-Id:0 = "11"
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Finished request 3.
But I really need to get Tagged VLAN working!
If no one has any ideas I'll try and raise a support call with HP.. Wish
me luck I may never return and be lost in their 'support system'
forever...! ;)
On 05/08/13 23:59, Arran Cudbard-Bell wrote:
On 5 Aug 2013, at 23:39, Andy <[email protected]> wrote:
Hello,
This is my first post here so please excuse any missed etiquette.
I have read through the wikis and googled a lot and not found anything.
http://wiki.freeradius.org/vendor/HP#RFC-4675-(multiple-tagged/untagged-VLAN)-Assignment
*sigh*
I have been trying to configure our switch ports (HP 2910al) with Tagged
VLANs via Egress-VLANID and Egress-VLAN-Name.
The Radius backend is OpenLDAP, and I have tried setting the data
type in OpenLDAP to binary, UTF-8 and IA5, but no matter what I do,
the value returned by RADIUS is the decimal equivalent of the HEX bit
string I enter :(
For example I'm trying to store and send 0x31000012 to indicate a
tagged VLAN (0x31) on VLAN 12. But looking at freeradius -X output I
can see it sending the decimal number, when the switch wants the bit
string as it was stored, and hence throws an error!
No. The HP switch does not care that FreeRADIUS displayed (but later
encoded correctly) your hex string as an integer.
It does care that you don't seem to understand how to convert decimal
numbers to hex and are actually specifying VLAN 18 tagged, which
probably doesn't exist if you're getting errors.
You want 0x3100000C for VLAN 12 tagged.
-Arran
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
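
Added example, not part of the original thread: a Python sketch of the RFC 4675 Egress-VLANID layout discussed above (one Tag Indication octet, 0x31 tagged or 0x32 untagged, then 12 zero pad bits and a 12-bit VLAN ID). It shows why FreeRADIUS prints 822083596 for 0x3100000C and why 0x31000012 means VLAN 18. The function names are illustrative, and the 1-4094 range check is an assumption based on IEEE 802.1Q reserving VIDs 0 and 4095.

```python
import struct

# RFC 4675 Tag Indication octet: ASCII '1' (tagged) or ASCII '2' (untagged)
TAGGED, UNTAGGED = 0x31, 0x32


def encode_egress_vlanid(vlan_id, tagged=True):
    """Build the 32-bit Egress-VLANID value: tag octet, 12 pad bits, 12-bit VID."""
    # Assumption: reject VIDs 0 and 4095, which IEEE 802.1Q reserves.
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094, got %r" % (vlan_id,))
    return ((TAGGED if tagged else UNTAGGED) << 24) | vlan_id


def decode_egress_vlanid(value):
    """Split a 32-bit Egress-VLANID value into (tag kind, VLAN ID)."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("Egress-VLANID is a 32-bit unsigned value")
    tag = value >> 24            # top octet
    pad = (value >> 12) & 0xFFF  # middle 12 bits, must be zero
    vid = value & 0xFFF          # low 12 bits
    if tag not in (TAGGED, UNTAGGED):
        raise ValueError("bad Tag Indication octet 0x%02X" % tag)
    if pad:
        raise ValueError("pad bits are not zero")
    return ("tagged" if tag == TAGGED else "untagged", vid)


def wire_bytes(value):
    """The four octets sent in the attribute (network byte order)."""
    return struct.pack("!I", value)


if __name__ == "__main__":
    # Values taken from the thread: the corrected one, its decimal display
    # form in the debug output, and the original mistaken one.
    for v in (0x3100000C, 822083596, 0x31000012):
        kind, vid = decode_egress_vlanid(v)
        print("0x%08X = %d -> %s VLAN %d, wire %s"
              % (v, v, kind, vid, wire_bytes(v).hex()))
    # Typing the decimal VLAN number as hex digits gives the wrong VID:
    print("VLAN 12 tagged should be 0x%08X" % encode_egress_vlanid(12))
```
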