(RADIATOR) How do I get A VLAN assigned? [Public]

Miedema, Hugo Hugo.Miedema at Getronics.com
Fri Jan 14 04:20:39 CST 2005


It worked. Thanks Brad.

-----Original Message-----
From: Watkins, Bradley [mailto:Bradley.Watkins at compuware.com]
Sent: Thursday, January 13, 2005 20:32
To: 'Miedema, Hugo'; 'radiator at open.com.au'
Subject: RE: (RADIATOR) How do I get A VLAN assigned? [Public]


I believe you have to add the statement:
 
aaa authorization network default group radius
 
Otherwise the switch is not enabled for VLAN assignment (or per-user ACLs for that matter).

Insofar as I can tell, everything else in your config (both on the switch and for Radiator) looks good.
 
Regards,
Brad Watkins

-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On Behalf Of Miedema, Hugo
Sent: Thursday, January 13, 2005 10:40 AM
To: 'radiator at open.com.au'
Subject: (RADIATOR) How do I get A VLAN assigned? [Public]


Hello,
 
I've got a Radiator server running on FreeBSD.
 
But I get no VLAN on the interface of the Cisco-switch.
 
The config of the switch:

aaa new-model
aaa authentication dot1x default group radius
!
dot1x system-auth-control
!
!
!
!
interface FastEthernet0/1
 description Office-1
 switchport mode access
 dot1x port-control auto 
 spanning-tree portfast
!

The Switch debugging:

Jan 13 16:05:21 CET: AAA/AUTHEN/CONT (3351729614): continue_login (user='frank at xeon.com')
Jan 13 16:05:21 CET: AAA/AUTHEN (3351729614): status = GETDATA
Jan 13 16:05:21 CET: AAA/AUTHEN (3351729614): Method=radius (radius)
Jan 13 16:05:21 CET: AAA/AUTHEN (3351729614): status = PASS
 
******************************************************************
*** This is strange to me:
******************************************************************
Jan 13 16:05:21 CET: dot1x-ev:Received VLAN is No Vlan
Jan 13 16:05:21 CET: dot1x-ev:Enqueued the response to BackEnd
Jan 13 16:05:21 CET: AAA/MEMORY: free_user (0x80CEC2E8) user='frank at xeon.com' ruser='frank at xeon.com' port='FastEthernet0/1' rem_addr='' authen_type=EAP service=802.1x priv=1
Jan 13 16:05:21 CET: dot1x-ev:Received QUEUE EVENT in response to AAA Request
Jan 13 16:05:21 CET: dot1x-ev:Dot1x matching request-response found
Jan 13 16:05:21 CET: dot1x-ev:Length of recv eap packet from radius = 4
Jan 13 16:05:21 CET: dot1x-ev:Received VLAN Id -1
Jan 13 16:05:21 CET: dot1x-ev:dot1x_bend_success_enter:00c0.4f83.0e98: Current ID=1
 
Jan 13 16:05:42 CET: dot1x-ev:dot1x_bend: Sending Radius Response to Supplicant of length 4
Jan 13 16:05:42 CET: dot1x-ev:dot1x_tx_eap: EAP Ptk 
Jan 13 16:05:42 CET: dot1x-ev:EAP-code=SUCCESS 
Jan 13 16:05:42 CET: dot1x-ev:EAP Type= Unknown 
Jan 13 16:05:42 CET: dot1x-ev:ID=1

The Radiator config (detail):

<Handler Realm=xeon.com>
        RewriteUsername s/^([^@]+).*/$1/
        <AuthBy FILE>
                EAPType MD5-Challenge
                RewriteUsername s/^([^@]+).*/$1/
                Filename %D/users
                StripFromReply Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID
                AddToReply Tunnel-Type=VLAN, Tunnel-Medium-Type=Ether_802, Tunnel-Private-Group-ID=8, User-Name=%u
        </AuthBy>
</Handler>

Part of the Radiator-logging:

Code:       Access-Accept
Identifier: 17
Authentic:  Z<217><184><136>a<202><241><148>M<236><229>(<223><242><190><4>
Attributes:
        EAP-Message = <3><1><0><4>
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
        Tunnel-Type = VLAN
        Tunnel-Medium-Type = Ether_802
        Tunnel-Private-Group-ID = 8
        User-Name = "frank at xeon.com"

Why is there no vlan assigned?
 
regards,
 
Hugo Miedema 
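
Added example, not part of the original thread and not Radiator or Cisco code: a small Python check that flags the symptom discussed above, where authentication passes and the Access-Accept carries the tunnel attributes but the switch lacks the network authorization statement. The function names and the abridged sample input are assumptions made for illustration; the IOS statements and attribute names are the ones quoted in the thread.

```python
import re

# Statements from the thread's switch config, plus the one Brad's reply adds.
REQUIRED_IOS = [
    "aaa new-model",
    "aaa authentication dot1x default group radius",
    "aaa authorization network default group radius",  # missing in the original config
    "dot1x system-auth-control",
]
# Reply attributes the Radiator handler in the thread adds for VLAN assignment.
REQUIRED_REPLY = {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "Ether_802"}

def parse_reply(log_text):
    """Parse 'Name = value' lines from a Radiator packet dump into a dict."""
    attrs = {}
    for line in log_text.splitlines():
        m = re.match(r"\s*([A-Za-z][\w-]*)\s*=\s*(.*?)\s*$", line)
        if m:
            attrs[m.group(1)] = m.group(2).strip('"')
    return attrs

def findings(ios_config, reply_log):
    """Return reasons why the port would not get a RADIUS-assigned VLAN."""
    # Normalise whitespace so trailing spaces in pasted configs do not matter.
    lines = {" ".join(l.split()) for l in ios_config.splitlines()}
    out = [f"switch: missing '{s}'" for s in REQUIRED_IOS if s not in lines]
    attrs = parse_reply(reply_log)
    for name, want in REQUIRED_REPLY.items():
        if attrs.get(name) != want:
            out.append(f"reply: {name} is {attrs.get(name)!r}, expected {want!r}")
    if not attrs.get("Tunnel-Private-Group-ID"):
        out.append("reply: Tunnel-Private-Group-ID missing")
    return out

# Constructed sample input, abridged from the config and log quoted in the thread.
SWITCH = """aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
interface FastEthernet0/1
 switchport mode access
 dot1x port-control auto
"""
REPLY = """Attributes:
        Tunnel-Type = VLAN
        Tunnel-Medium-Type = Ether_802
        Tunnel-Private-Group-ID = 8
"""

if __name__ == "__main__":
    print(findings(SWITCH, REPLY))
```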




