On 6 Aug 2013, at 10:50, Andy <[email protected]> wrote:

> Hi, yes thank you, that is the guide I have been following..
>
> And as that guide highlights the switch needs a 'bit string', not a decimal
> number;
> "The value of Egress-VLANID is a bit string, the first 8 bits specify whether
> the VLAN is tagged or untagged and must be either 0x31 (tagged) or 0x32
> (untagged). The next 12 bits are padding 0x000, and the final 12 bits are the
> VLAN ID as an integer value.."
>
> Thus I need; 'Egress-VLANID = 0x31000013' in the FreeRADIUS reply
>
> But FreeRADIUS is NOT sending that bit string, it is sending;
>
> Sending Access-Accept of id 41 to 10.0.0.242 port 1812
>     Framed-Protocol = PPP
>     Framed-Compression = Van-Jacobson-TCP-IP
>     Egress-VLANID = 822083602

You're still sending the wrong binary string.

822083602 == 0x31000012

The RFC specifies that Egress-VLANID has a 4 octet value, whoever wrote the dictionary decided to represent it as a 32bit unsigned integer, but that should be OK.

>     HP-Cos = "3"
> Finished request 18.

OK. First, you're not doing PPP, remove the default entries in the users file for Framed-Protocol and Framed-Compression.

Second there's no special encoding for an unsigned integer. Chances are, the on the wire format of the value matches the hex string. Look at a dump in wireshark if you don't believe me.

If it doesn't, that's a problem, and we can look at fixing it.

> I have stored the HEX String in OpenLDAP with various data types, but the
> FreeRADIUS always converts the number to the decimal equivalent (822083602)
> which is out of range for the switch?

*sigh*, no.

>
> How can I stop this conversion?

The on the wire raw format will be the same for the integer and for the binary string.

> HPO switch debug;
> 0049:03:34:00.18 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd new client detected on vid: 11.
> 0049:03:34:00.18 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd RADIUS CHAP authentication started, session: 2985.
> 0049:03:34:00.20 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd vid attribute error during RADIUS processing.
> 0049:03:34:00.20 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd client rejected, session: 2985, invalid attributes.
> 0049:03:34:00.20 MAC mWebAuth:Port: 29 MAC: 080027-e4b2cd client authentication failed, login retry count: 1 >= max-retires: 0, no unauth-vid configured, entering quiet-period: 30 seconds.
> W 08/06/13 09:45:58 02400 dca: macAuth client, RADIUS-assigned VID validation error. MAC 080027E4B2CD port 29 VLAN-Id 0 or unknown.

Because you're still sending the wrong value?

-Arran

Arran Cudbard-Bell <[email protected]>
FreeRADIUS Development Team

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
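
An added example, not part of the original message and not FreeRADIUS code: a Python sketch of the Egress-VLANID layout quoted in the thread, showing that the decimal and hex spellings of a value produce the same octets on the wire and which VLAN ID each value actually carries. The function names are hypothetical, and the attribute number 56 is taken from RFC 4675 rather than from the thread.

```python
import struct

EGRESS_VLANID_TYPE = 56  # attribute number assigned by RFC 4675 (not stated in the thread)
TAG_NAME = {0x31: "tagged", 0x32: "untagged"}  # first octet, per the quoted guide


def parse_config_value(text):
    """Hypothetical helper: read the value as typed, decimal or 0x-prefixed hex."""
    return int(text, 0)


def encode_egress_vlanid(vlan_id, tagged=True):
    """8-bit tag indication, 12 zero padding bits, 12-bit VLAN ID."""
    if not 1 <= vlan_id <= 4094:  # 0 and 4095 are reserved by IEEE 802.1Q
        raise ValueError(f"VLAN ID {vlan_id} is outside 1..4094")
    return ((0x31 if tagged else 0x32) << 24) | vlan_id


def decode_egress_vlanid(value):
    """Split a 32-bit Egress-VLANID into (tag indication, VLAN ID)."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("Egress-VLANID must fit in 4 octets")
    tag, padding, vlan_id = value >> 24, (value >> 12) & 0xFFF, value & 0xFFF
    if tag not in TAG_NAME:
        raise ValueError(f"tag indication 0x{tag:02x} is neither 0x31 nor 0x32")
    if padding:
        raise ValueError("the 12 padding bits must be zero")
    return TAG_NAME[tag], vlan_id


def wire_attribute(value):
    """Type, Length (2 header octets + 4 value octets), value in network byte order."""
    return struct.pack("!BBI", EGRESS_VLANID_TYPE, 6, value)


if __name__ == "__main__":
    # Constructed inputs: the two spellings from the thread plus the intended value.
    for text in ("822083602", "0x31000012", "0x31000013"):
        value = parse_config_value(text)
        print(f"{text:>10} -> {wire_attribute(value).hex()} {decode_egress_vlanid(value)}")
```

The first two inputs yield identical octets and decode to tagged VLAN 18; only the third carries VLAN 19.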

