Re: Dell 6248 and Dynamic VLAN Assignment
Talk to the vendor? Sent from my iPhone On 31 Oct 2008, at 01:20, Luke [EMAIL PROTECTED] wrote: Hi :) I'm trying to get dynamic VLAN assignment to work with my Dell 6248, which they officially support as of firmware revision 2.1.0.13. I'm using freeradius version 2.1.1 I think I'm sending the information the correct way from freeradius, to wit: DEFAULT Auth-Type == MS-CHAP Tunnel-Type = VLAN, Tunnel-Medium-Type = 802, Tunnel-Private-Group-ID = 3 (this is in my users file) When watching the debug output from radiusd -X, I can see it sending these messages back to the Dell switch. However, the dell switch is not correctly assigning the VLAN. The information from the release notes from Dell is as follows: 802.1x Option 81 The Tunnel Attribute indicates the tunneling protocol to be used or the tunneling protocol in use at the Authenticator. In particular, it may be desirable to allow a supplicant (MAC based) or port (Port Based) to be placed into a particular Virtual LAN (VLAN) based on the result of the authentication. To achieve the distribution of the VLAN id to the supplicant, the tunnel attribute can be used. For use in VLAN assignment, the following tunnel attributes are used: Tunnel-Type=VLAN (13) Tunnel-Medium-Type=802 Tunnel-Private-Group-ID=VLANID, where VLANID is 12-bits, taking a value between 1 and 4093. The NAS-IP Attribute indicates the identifying IP Address of the NAS (Switch or Access Point) which is requesting authentication of the user, and should be unique to the NAS within the scope of the RADIUS server. NAS-IP-Address is only used in Access-Request packets. Either NAS-IP-Address or NAS-Identifier must be present in an Access-Request packet. I can see from my Dell switch that this stuff is enabled, but for some reason it's still not setting the VLAN. Does anyone have any suggestions? Thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Dell 6248 and Dynamic VLAN Assignment
Dictionary value for that Tunnel-Medium-Type is IEEE-802. Ivan Kalik Kalik Informatika ISP Dana 31/10/2008, Luke [EMAIL PROTECTED] piše: Hi :) I'm trying to get dynamic VLAN assignment to work with my Dell 6248, which they officially support as of firmware revision 2.1.0.13. I'm using freeradius version 2.1.1 I think I'm sending the information the correct way from freeradius, to wit: DEFAULT Auth-Type == MS-CHAP Tunnel-Type = VLAN, Tunnel-Medium-Type = 802, Tunnel-Private-Group-ID = 3 (this is in my users file) When watching the debug output from radiusd -X, I can see it sending these messages back to the Dell switch. However, the dell switch is not correctly assigning the VLAN. The information from the release notes from Dell is as follows: 802.1x Option 81 The Tunnel Attribute indicates the tunneling protocol to be used or the tunneling protocol in use at the Authenticator. In particular, it may be desirable to allow a supplicant (MAC based) or port (Port Based) to be placed into a particular Virtual LAN (VLAN) based on the result of the authentication. To achieve the distribution of the VLAN id to the supplicant, the tunnel attribute can be used. For use in VLAN assignment, the following tunnel attributes are used: Tunnel-Type=VLAN (13) Tunnel-Medium-Type=802 Tunnel-Private-Group-ID=VLANID, where VLANID is 12-bits, taking a value between 1 and 4093. The NAS-IP Attribute indicates the identifying IP Address of the NAS (Switch or Access Point) which is requesting authentication of the user, and should be unique to the NAS within the scope of the RADIUS server. NAS-IP-Address is only used in Access-Request packets. Either NAS-IP-Address or NAS-Identifier must be present in an Access-Request packet. I can see from my Dell switch that this stuff is enabled, but for some reason it's still not setting the VLAN. Does anyone have any suggestions? Thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dell 6248 and Dynamic VLAN Assignment
Hi :) I'm trying to get dynamic VLAN assignment to work with my Dell 6248, which they officially support as of firmware revision 2.1.0.13. I'm using freeradius version 2.1.1 I think I'm sending the information the correct way from freeradius, to wit: DEFAULT Auth-Type == MS-CHAP Tunnel-Type = VLAN, Tunnel-Medium-Type = 802, Tunnel-Private-Group-ID = 3 (this is in my users file) When watching the debug output from radiusd -X, I can see it sending these messages back to the Dell switch. However, the dell switch is not correctly assigning the VLAN. The information from the release notes from Dell is as follows: 802.1x Option 81 The Tunnel Attribute indicates the tunneling protocol to be used or the tunneling protocol in use at the Authenticator. In particular, it may be desirable to allow a supplicant (MAC based) or port (Port Based) to be placed into a particular Virtual LAN (VLAN) based on the result of the authentication. To achieve the distribution of the VLAN id to the supplicant, the tunnel attribute can be used. For use in VLAN assignment, the following tunnel attributes are used: Tunnel-Type=VLAN (13) Tunnel-Medium-Type=802 Tunnel-Private-Group-ID=VLANID, where VLANID is 12-bits, taking a value between 1 and 4093. The NAS-IP Attribute indicates the identifying IP Address of the NAS (Switch or Access Point) which is requesting authentication of the user, and should be unique to the NAS within the scope of the RADIUS server. NAS-IP-Address is only used in Access-Request packets. Either NAS-IP-Address or NAS-Identifier must be present in an Access-Request packet. I can see from my Dell switch that this stuff is enabled, but for some reason it's still not setting the VLAN. Does anyone have any suggestions? Thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html