Thank you for your prompt answer, but I have the same effect if I put the VLAN name or numeric ID. Do you have any other idea that can help me to resolve this problem?
Best regards.

On 03/26/2014 11:37 AM, Hartmaier Alexander wrote:
> On 2014-03-26 18:40, Roberto Pantoja wrote:
>> I have a problem trying to assign dynamic VLANs to users on a
>> WPA2-Enterprise configuration. Users have successful authentication
>> and if I don't send the Radius Attribute "Tunnel-Private-Group-ID"
>> the Wireless Controller connects me to the default VLAN for the SSID,
>> but when I send "Tunnel-Private-Group-ID", the Wireless Controller
>> simply drops out my connection. The Wireless Controller documentation
>> says the required attributes in the Access-Accept Reply are
>> "Tunnel-Type=VLAN, Tunnel-Medium-Type=802,
>> Tunnel-Private-Group-ID=<Name of VLAN>". Everything works fine using
>> Ignition Server (Avaya's Radius Server). But the product's
>> documentation says the WC8180 complies with RFC Standards and mentions
>> being "compatible and validated" with freeradius and Microsoft IAS, so I
>> think my case is a configuration issue.
>>
>> Regards.
>>
>> Radiator Version: 4.12.1
>> Wireless Controller: AVAYA WC8180
>> Wireless Access Points: AVAYA AP8120
>>
>> Config file:
>> *** Config File ***
>> # radius.cfg
>>
>> Foreground
>> LogStdout
>> LogDir /var/log/radius
>> LogFile %L/logfile.%Y.%m.%d
>> DbDir /etc/radiator
>> # Use a lower trace level in production systems:
>> Trace 4
>> AuthPort 1812
>> AcctPort 1813
>>
>> <Client 10.0.30.254>
>>     Secret verysecret
>>     PacketTrace
>>     Identifier Avaya WC8180
>> </Client>
>>
>> <Handler TunnelledByPEAP=1>
>>     <AuthBy FILE>
>>         Filename %D/users
>>         EAPType MSCHAP-V2
>>     </AuthBy>
>> </Handler>
>>
>> <Handler>
>>     <AuthBy FILE>
>>         Filename %D/users
>>         EAPType PEAP
>>         EAPTLS_CAFile %D/certificates/cacert.pem
>>         # EAPTLS_CAPath
>>         EAPTLS_CertificateFile %D/certificates/radiator-cert.pem
>>         EAPTLS_CertificateType PEM
>>         EAPTLS_PrivateKeyFile %D/certificates/radiator-key.pem
>>         EAPTLS_PrivateKeyPassword verysecret
>>         # EAPTLS_RandomFile %D/certificates/random
>>         EAPTLS_MaxFragmentSize 1024
>>         # EAPTLS_DHFile %D/certificates/cert/dh
>>         #EAPTLS_CRLCheck
>>         #EAPTLS_CRLFile %D/certificates/crl.pem
>>         #EAPTLS_CRLFile %D/certificates/revocations.pem
>>         AutoMPPEKeys
>>         #EAPTLS_SessionResumption 0
>>         #EAPTLS_SessionResumptionLimit 10
>>         ####EAPAnonymous anonymous@localhost
>>         EAPTLS_PEAPVersion 0
>>         EAPTTLS_NoAckRequired
>>     </AuthBy>
>> </Handler>
>> *** EOF Config File ***
>>
>>
>> Users file:
>> mikem    user without VLAN    default VLAN - Quarantine - no IP address
>> mikem1   user with VLAN Empleados - IP address range 10.0.21.0/24
>> mikem2   user with VLAN ATI - IP address range 10.0.19.0/24
>> *** Users file ***
>> # users
>> # This is an example of how to set up simple user for
>> # AuthBy FILE.
>> # The example user mikem has a password of fred, and will
>> # receive reply attributes suitable for most NASs.
>> # You can do many more interesting things. See the Radiator reference
>> # manual for more details
>> #
>> # You can test this user with the command
>> # perl radpwtst
>>
>> mikem User-Password=fred
>>     Service-Type = Framed-User,
>>     Tunnel-Medium-Type = 802,
>>     Tunnel-Type = VLAN
>>
>> mikem1 User-Password=fred
>>     Service-Type = Framed-User,
>>     Tunnel-Private-Group-ID = Empleados,
>>     Tunnel-Medium-Type = 802,
>>     Tunnel-Type = VLAN
>>
>> mikem2 User-Password=fred
>>     Service-Type = Framed-User,
>>     Tunnel-Private-Group-ID = ATI,
>>     Tunnel-Medium-Type = 802,
>>     Tunnel-Type = VLAN
>>
>> *** EOF users file ***
>
> We're doing that with Cisco WLCs without problems but in our case by
> sending the VLAN ID, not its name like for wired dot1x where Cisco IOS
> switches want the VLAN name:
>
> AddToReply Tunnel-Type=VLAN,\
>     Tunnel-Medium-Type=802, \
>     Tunnel-Private-Group-ID=123
>
>> --
>> ---------------------------------------
>> Roberto Carlos Pantoja Valdizón
>> Analista de Sistemas
>> ATI/GDEI/LaGeo

--
---------------------------------------
Roberto Carlos Pantoja Valdizón
Analista de Sistemas
ATI/GDEI/LaGeo
_______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
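
Added example, not part of the original thread or of Radiator: a decoder for the three tunnel attributes discussed above as they are encoded in an Access-Accept (RFC 2868 / RFC 3580), useful for checking a packet trace against what the controller expects. The function names are hypothetical and the sample bytes are constructed; it also handles the optional tag octet of Tunnel-Private-Group-ID.

```python
# Attribute numbers and values from RFC 2868 / RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6

def encode_vlan_attrs(group_id, tag=0):
    """Build the three tunnel attributes as type/length/value bytes."""
    def tlv(attr_type, value):
        return bytes([attr_type, len(value) + 2]) + value
    gid = group_id.encode()
    if tag:  # the tag octet is optional for attribute 81
        gid = bytes([tag]) + gid
    return (tlv(TUNNEL_TYPE, bytes([tag]) + VLAN.to_bytes(3, "big"))
            + tlv(TUNNEL_MEDIUM_TYPE, bytes([tag]) + IEEE_802.to_bytes(3, "big"))
            + tlv(TUNNEL_PRIVATE_GROUP_ID, gid))

def decode_vlan_attrs(attrs):
    """Walk the attribute list and group tunnel attributes by tag."""
    out, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute at offset %d" % i)
        attr_type, length = attrs[i], attrs[i + 1]
        value = attrs[i + 2:i + length]
        i += length
        if attr_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            name = "type" if attr_type == TUNNEL_TYPE else "medium"
            out.setdefault(value[0], {})[name] = int.from_bytes(value[1:], "big")
        elif attr_type == TUNNEL_PRIVATE_GROUP_ID and value:
            # RFC 2868: a first octet above 0x1F belongs to the string, not a tag.
            tag, text = (value[0], value[1:]) if value[0] <= 0x1F else (0, value)
            out.setdefault(tag, {})["group"] = text.decode(errors="replace")
    return out

def vlan_assignment(attrs):
    """Return the VLAN name/ID if one tag carries the full triplet, else None."""
    for fields in decode_vlan_attrs(attrs).values():
        if (fields.get("type") == VLAN and fields.get("medium") == IEEE_802
                and "group" in fields):
            return fields["group"]
    return None

if __name__ == "__main__":
    for sample in (encode_vlan_attrs("123"), encode_vlan_attrs("ATI", tag=1)):
        print(sample.hex(), "->", vlan_assignment(sample))
```
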