Re: [PacketFence-users] Radius attribute push

Mon, 12 Sep 2022 14:56:44 -0700 

I was able to get the radius filter created but I'm having trouble trying to 
apply it to a switch or role.
   On Sunday, September 11, 2022 at 02:13:28 AM CDT, pe...@huizevrielink.eu 
<pe...@huizevrielink.eu> wrote:  
 
 <!--#yiv4327462220 P {margin-top:0;margin-bottom:0;}-->


Hi Isaac,
i had issues with this on an aruba 2930F (other os than your CX series switch).
Couldn't get vlan ID to work, but:

i used the VLAN NAME attribute in the filter engine -> radius filters
Reply "HP-Egress-VLAN-Name" with the value 1guests;1isolation

Prepend 1 for untagged, and 2 for tagged, before the vlan name.
vlan name in the switch has to be exactly the same, case sensitive!
You are even more flexible this way. 
you can always use the name "isolation" and in building 1 you can use vlan 20, 
and in building 2 you can use vlan 30
We use this on aruba clearpass with 30.000 network ports in production at work.
I am now testing this with packetfence at home, seems to work well.
I also use the HP-Port-MA-Port-Mode with value "1" in combination with the vlan 
name for Access points, so that the first client on the port will be 
authenticated(the AP) and all following clients are not. The wifi clients are 
authenticated on the wireless controller.

I only have only 1 remainging issue after a reboot of the AP, 1 of the wifi 
clients is faster than the AP itself to authenticate on the port, now the AP is 
pushed into registration vlan.

poe disable/enable fixes this. reboot only not (of the AP)
Cheers,
Peter
Van: isaac hernandez via PacketFence-users 
<packetfence-users@lists.sourceforge.net>
Verzonden: woensdag 7 september 2022 01:06
Aan: packetfence-users@lists.sourceforge.net
CC: isaac hernandez
Onderwerp: [PacketFence-users] Radius attribute push How do i send radius 
attributes like egress(tagged) vlans, i need this for access points that need 
vlan 1 untagged traffic and vlan 1 and 3 tagged assigned to a port.
currently i'm just able to send radius replies with
Rest-HTTP-Status-Code = 200Tunnel-Private-Group-Id = "(vlan id)"Tunnel-Type = 
VLANTunnel-Medium-Type = IEEE-802
Is it possible to send egress vlans to a meraki ms120 switch?
is it possible to send egress vlans to an aruba cx 6100 switch?

  
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users






















					Reply via email to