Thank you, I will try tagging values for the reply...

On 03/26/2014 12:47 PM, Sami Keski-Kasari wrote:
> Hello Roberto,
>
> RFC2868 defines that tunnel attributes include a Tag field before the
> value. Some NASes need it to be defined and some do not.
>
> Try for example with
>
> mikem2 User-Password=fred
>     Service-Type = Framed-User,
>     Tunnel-Private-Group-ID = 0:<vlan-id>,
>     Tunnel-Medium-Type = 0:802,
>     Tunnel-Type = 0:VLAN
>
> or
>
> mikem2 User-Password=fred
>     Service-Type = Framed-User,
>     Tunnel-Private-Group-ID = 1:<vlan-id>,
>     Tunnel-Medium-Type = 1:802,
>     Tunnel-Type = 1:VLAN
>
> Best Regards,
> Sami
>
> On 03/26/2014 08:16 PM, Roberto Pantoja wrote:
>> Thank you for your prompt answer, but I have the same effect if I put
>> the VLAN name or numeric ID. Do you have any other idea that can help me
>> to resolve this problem?
>>
>> Best regards.
>>
>> On 03/26/2014 11:37 AM, Hartmaier Alexander wrote:
>>> On 2014-03-26 18:40, Roberto Pantoja wrote:
>>>> I have a problem trying to assign dynamic VLANs to users on a
>>>> WPA2-Enterprise configuration. Users have successful authentication
>>>> and if I don't send the Radius Attribute "Tunnel-Private-Group-ID",
>>>> the Wireless Controller connects me to the default VLAN for the SSID,
>>>> but when I send "Tunnel-Private-Group-ID", the Wireless Controller
>>>> simply drops my connection. The Wireless Controller documentation
>>>> says the required attributes in the Access-Accept Reply are
>>>> "Tunnel-Type=VLAN, Tunnel-Medium-Type=802,
>>>> Tunnel-Private-Group-ID=<Name of VLAN>". Everything works fine using
>>>> Ignition Server (Avaya's Radius Server). But the product's
>>>> documentation says WC8180 complies with RFC Standards and mentions
>>>> being "compatible and validated" with freeradius and Microsoft IAS, so I
>>>> think my case is a configuration issue.
>>>>
>>>> Regards.
>>>>
>>>> Radiator Version: 4.12.1
>>>> Wireless Controller: AVAYA WC8180
>>>> Wireless Access Points: AVAYA AP8120
>>>>
>>>> Config file:
>>>> *** Config File ***
>>>> # radius.cfg
>>>>
>>>> Foreground
>>>> LogStdout
>>>> LogDir /var/log/radius
>>>> LogFile %L/logfile.%Y.%m.%d
>>>> DbDir /etc/radiator
>>>> # Use a lower trace level in production systems:
>>>> Trace 4
>>>> AuthPort 1812
>>>> AcctPort 1813
>>>>
>>>> <Client 10.0.30.254>
>>>>     Secret verysecret
>>>>     PacketTrace
>>>>     Identifier Avaya WC8180
>>>> </Client>
>>>>
>>>> <Handler TunnelledByPEAP=1>
>>>>     <AuthBy FILE>
>>>>         Filename %D/users
>>>>         EAPType MSCHAP-V2
>>>>     </AuthBy>
>>>> </Handler>
>>>>
>>>> <Handler>
>>>>     <AuthBy FILE>
>>>>         Filename %D/users
>>>>         EAPType PEAP
>>>>         EAPTLS_CAFile %D/certificates/cacert.pem
>>>>         # EAPTLS_CAPath
>>>>         EAPTLS_CertificateFile %D/certificates/radiator-cert.pem
>>>>         EAPTLS_CertificateType PEM
>>>>         EAPTLS_PrivateKeyFile %D/certificates/radiator-key.pem
>>>>         EAPTLS_PrivateKeyPassword verysecret
>>>>         # EAPTLS_RandomFile %D/certificates/random
>>>>         EAPTLS_MaxFragmentSize 1024
>>>>         # EAPTLS_DHFile %D/certificates/cert/dh
>>>>         #EAPTLS_CRLCheck
>>>>         #EAPTLS_CRLFile %D/certificates/crl.pem
>>>>         #EAPTLS_CRLFile %D/certificates/revocations.pem
>>>>         AutoMPPEKeys
>>>>         #EAPTLS_SessionResumption 0
>>>>         #EAPTLS_SessionResumptionLimit 10
>>>>         ####EAPAnonymous anonymous@localhost
>>>>         EAPTLS_PEAPVersion 0
>>>>         EAPTTLS_NoAckRequired
>>>>     </AuthBy>
>>>> </Handler>
>>>> *** EOF Config File ***
>>>>
>>>>
>>>> Users file:
>>>> mikem   user without VLAN        default VLAN - Quarantine - no IP address
>>>> mikem1  user with VLAN Empleados - IP address range 10.0.21.0/24
>>>> mikem2  user with VLAN ATI       - IP address range 10.0.19.0/24
>>>> *** Users file ***
>>>> # users
>>>> # This is an example of how to set up simple user for
>>>> # AuthBy FILE.
>>>> # The example user mikem has a password of fred, and will
>>>> # receive reply attributes suitable for most NASs.
>>>> # You can do many more interesting things. See the Radiator reference
>>>> # manual for more details
>>>> #
>>>> # You can test this user with the command
>>>> # perl radpwtst
>>>>
>>>> mikem User-Password=fred
>>>>     Service-Type = Framed-User,
>>>>     Tunnel-Medium-Type = 802,
>>>>     Tunnel-Type = VLAN
>>>>
>>>> mikem1 User-Password=fred
>>>>     Service-Type = Framed-User,
>>>>     Tunnel-Private-Group-ID = Empleados,
>>>>     Tunnel-Medium-Type = 802,
>>>>     Tunnel-Type = VLAN
>>>>
>>>> mikem2 User-Password=fred
>>>>     Service-Type = Framed-User,
>>>>     Tunnel-Private-Group-ID = ATI,
>>>>     Tunnel-Medium-Type = 802,
>>>>     Tunnel-Type = VLAN
>>>>
>>>> *** EOF users file ***
>>> We're doing that with Cisco WLCs without problems but in our case by
>>> sending the VLAN ID, not its name like for wired dot1x where Cisco IOS
>>> switches want the VLAN name:
>>>
>>> AddToReply Tunnel-Type=VLAN,\
>>>     Tunnel-Medium-Type=802, \
>>>     Tunnel-Private-Group-ID=123
>>>
>>>> --
>>>> ---------------------------------------
>>>> Roberto Carlos Pantoja Valdizón
>>>> Systems Analyst
>>>> ATI/GDEI/LaGeo
>>>>
>>>> _______________________________________________
>>>> radiator mailing list
>>>> radiator@open.com.au
>>>> http://www.open.com.au/mailman/listinfo/radiator
--
---------------------------------------
Roberto Carlos Pantoja Valdizón
Systems Analyst
ATI/GDEI/LaGeo
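
The RFC 2868 Tag field discussed in the thread, shown at the byte level as an added example (not part of the original messages and not Radiator code). The function names and the `always_tagged` switch are hypothetical; the switch models a receiver that always consumes a tag octet, an assumed behaviour used only to show why tagged and untagged replies can be read differently.

```python
import struct

# Attribute numbers and values from RFC 2868 / RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6


def encode_int_attr(attr_type, value, tag=0):
    """Tunnel-Type / Tunnel-Medium-Type: 1-octet tag, then 3-octet value."""
    if not 0 <= tag <= 0x1F:
        raise ValueError("tag must be 0x00..0x1F")
    if not 0 <= value <= 0xFFFFFF:
        raise ValueError("value must fit in 3 octets")
    return struct.pack("!BBB", attr_type, 6, tag) + value.to_bytes(3, "big")


def encode_group_id(group, tag=None):
    """Tunnel-Private-Group-ID: optional tag octet, then the string."""
    body = group.encode("ascii")
    if tag is not None:
        if not 0 <= tag <= 0x1F:
            raise ValueError("tag must be 0x00..0x1F")
        body = bytes([tag]) + body
    if len(body) + 2 > 255:
        raise ValueError("attribute too long")
    return bytes([TUNNEL_PRIVATE_GROUP_ID, len(body) + 2]) + body


def decode_group_id(attr, always_tagged=False):
    """Return (tag, group).

    RFC 2868 rule: a first octet above 0x1F is string data, not a tag.
    always_tagged=True models a receiver that strips the first octet
    unconditionally (assumed behaviour, for illustration only).
    """
    if len(attr) < 3 or attr[0] != TUNNEL_PRIVATE_GROUP_ID or attr[1] != len(attr):
        raise ValueError("malformed Tunnel-Private-Group-ID")
    body = attr[2:]
    if always_tagged or body[0] <= 0x1F:
        return body[0], body[1:].decode("ascii")
    return None, body.decode("ascii")


def vlan_reply(group, tag=0):
    """The three reply attributes from the thread, all with the same tag."""
    return (encode_int_attr(TUNNEL_TYPE, VLAN, tag)
            + encode_int_attr(TUNNEL_MEDIUM_TYPE, IEEE_802, tag)
            + encode_group_id(group, tag))
```

Comparing `vlan_reply(...)` output with the attribute bytes in a `PacketTrace` or packet capture shows whether the tag octet is actually on the wire.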