Arran Cudbard-Bell wrote:
Not true, see HPs Open VLAN feature. The NAS may also request that the
supplicant be put into a certain VLAN based on the static VLAN
assignment on the port the supplicant is connecting to.
Wild. I hadn't seen that before.
In any case, the original poster hasn't
you certainly arent checking that the VLAN is 2 - and if it isnt then fail
the authentication. i can understand what you are trying to do...but
do do THAT sort of thing you will need to use checking attributes,
not setting attributes.
you should find that the port which carlos is
[EMAIL PROTECTED] wrote:
...
What certificate i shoud use, so that valid the:
carlos User-Password == carlos
Service-Type = Framed-User,
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-Id = 2
and if the user carlos access to
Alan DeKok wrote:
[EMAIL PROTECTED] wrote:
...
What certificate i shoud use, so that valid the:
carlos User-Password == carlos
Service-Type = Framed-User,
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-Id = 2
and if the user
Hi,
carlos Auth-Type = EAP, User-Password == carlos
I remove the parte indicated carlos User-Password == carlos
The problem continue i did thefollowing:
In my swich I form three vlan 2,3,4 After I signed ip to the vlans and
ports too.
This is all
Hi,
carlos User-Password == carlos
Service-Type = Framed-User,
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-Id = 2
saulUser-Password == saul
Service-Type = Framed-User,
Tunnel-Type = VLAN,
How you see this is the configuration from my switch.
In the file users I have the following configuration.
+
carlos User-Password == carlos
Service-Type = Framed-User,
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Hello,
I use freeradius-1.0.4-1.FC4.1 version in a PC Linux Fedora Core 4.
This radius server
authenticates to user in function to his login and key, if the
information is correct the
radius server must send to user to the vlan 2 according to forms in
the file users of the
radius server.
Hi,
I use freeradius-1.0.4-1.FC4.1 version in a PC Linux Fedora Core 4.
I wont even bother starting with the upgrade to 1.1.7 stuff. if you want to run
buggy older and insecure versions then thats YOUR choice.
carlos Auth-Type := EAP, User-Password == carlos
Service-Type =
Hi
Everyone,
Dave,
Are you sure the
command aaa authentication network default group radiusis valid
on 2950 switches ? I am running Version 12.1(22)EA5, which was the last stable
image in july and "network" is not available as aaa authentication
option.
If anyone has met
any success
I think you need to apply this command to the
port:
switchport access vlan dynamic
- Øystein Gåsdal
From: HOWLETT C DsicEmi
[mailto:[EMAIL PROTECTED] Sent: 6. oktober 2005
10:54To: freeradius-users@lists.freeradius.orgSubject:
Using freeradius and 802.1x for dynamic VLAN on Cisco 2950
Hi Everyone,
I finally worked it out ! I was missing aaa authorization network default
group radius in the config file.
FYI, switchport access vlan dynamic is not valid when dot1x is enabled. What
makes dynamic VLAN assignment possible is the above command (aaa)
Claire
I succeeded following these steps:
http://security.fi.infn.it/TRIP/802.1x-wired/802.1x-wired.html
regards
2005/10/6, HOWLETT CDsicEmi [EMAIL PROTECTED]:
Hi Everyone,
Dave,
Are you sure the command aaa authentication network default group radius is
valid on 2950 switches ? I am
You are missing:
aaa authentication network default group radius
The attributes you posted earlier are correct. You can also specify
the VLAN name instead of the number which may help you if the VLAN ids
are different on different networks.
--
DaveD
Thanks for help but my switch doesn't
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am Freitag, 11. März 2005 09:24 schrieb Horschtel:
Thanks for help but my switch doesn't know this command. Is it possible
that the IOS 12.1(11)EA VLAN Assignment with 802.1x not supported?
Yes. Be careful with the IOS versions. Older versions do
Michael Schwartzkopff wrote:
Thanks for help but my switch doesn't know this command. Is it possible
that the IOS 12.1(11)EA VLAN Assignment with 802.1x not supported?
Yes. Be careful with the IOS versions. Older versions do not have this feature
implemented. You have to install a quite new
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am Freitag, 11. März 2005 15:40 schrieb Vladimir Vuksan:
Michael Schwartzkopff wrote:
Thanks for help but my switch doesn't know this command. Is it possible
that the IOS 12.1(11)EA VLAN Assignment with 802.1x not supported?
Yes. Be careful with
Try this :
Tunnel-Type := VLAN,
Tunnel-Medium-Type := IEEE-802,
Tunnel-Private-Group-Id := 13,
It works on my FreeRADIUS
Horschtel a crit :
Hi my situation is freeradius give the switch wrong attribute parameters.
The users config file says:
Username Auth-Type == EAP, User-Password == xxx
I try but it doesn't work. I try another radius server and it failed also. I
the properties of the Attribute 81 I see should be a string. So I think I did a
mistake on the switch configuration. I post the configuration here :
Current configuration : 3985 bytes
!
version 12.1
no service pad
Horschtel [EMAIL PROTECTED] wrote:
Tunnel-Private-Group-Id = 13
and that's the problem. I think the Tunnel-Private-Group-Id is not
more an Integer
The RFC's define it to be string. Some switch vendors, however,
implemented it as integer, which causes problems.
Alan DeKok.
-
List
Hi my situation is freeradius give the switch wrong attribute parameters.
The users config file says:
Username Auth-Type == EAP, User-Password == xxx
Framed-Type = Framed,
Tunnel-Medium-Type:1 = 6,
Tunnel-Type:1 = 13,
Tunnel-Private-Group-ID:1 = 13
.
on freeradius
21 matches
Mail list logo