(RADIATOR) How do I get A VLAN assigned? [Public]

Miedema, Hugo Hugo.Miedema at Getronics.com
Thu Jan 13 09:40:02 CST 2005


Hello,
 
I've got a Radiator server running on FreeBSD.
 
But I get no VLAN on the interface of the Cisco-switch.
 
The config of the switch:

aaa new-model
aaa authentication dot1x default group radius
!
dot1x system-auth-control
!
!
!
!
interface FastEthernet0/1
 description Office-1
 switchport mode access
 dot1x port-control auto 
 spanning-tree portfast
!

The Switch debugging:

Jan 13 16:05:21 CET: AAA/AUTHEN/CONT (3351729614): continue_login (user='frank at xeon.com')
Jan 13 16:05:21 CET: AAA/AUTHEN (3351729614): status = GETDATA
Jan 13 16:05:21 CET: AAA/AUTHEN (3351729614): Method=radius (radius)
Jan 13 16:05:21 CET: AAA/AUTHEN (3351729614): status = PASS
 
******************************************************************
*** This is strange to me:
******************************************************************
Jan 13 16:05:21 CET: dot1x-ev:Received VLAN is No Vlan
Jan 13 16:05:21 CET: dot1x-ev:Enqueued the response to BackEnd
Jan 13 16:05:21 CET: AAA/MEMORY: free_user (0x80CEC2E8) user='frank at xeon.com' ruser='frank at xeon.com' port='FastEthernet0/1' rem_addr='' authen_type=EAP service=802.1x priv=1
Jan 13 16:05:21 CET: dot1x-ev:Received QUEUE EVENT in response to AAA Request
Jan 13 16:05:21 CET: dot1x-ev:Dot1x matching request-response found
Jan 13 16:05:21 CET: dot1x-ev:Length of recv eap packet from radius = 4
Jan 13 16:05:21 CET: dot1x-ev:Received VLAN Id -1
Jan 13 16:05:21 CET: dot1x-ev:dot1x_bend_success_enter:00c0.4f83.0e98: Current ID=1
 
Jan 13 16:05:42 CET: dot1x-ev:dot1x_bend: Sending Radius Response to Supplicant of length 4
Jan 13 16:05:42 CET: dot1x-ev:dot1x_tx_eap: EAP Ptk 
Jan 13 16:05:42 CET: dot1x-ev:EAP-code=SUCCESS 
Jan 13 16:05:42 CET: dot1x-ev:EAP Type= Unknown 
Jan 13 16:05:42 CET: dot1x-ev:ID=1

The Radiator config (detail):

<Handler Realm=xeon.com>
        RewriteUsername s/^([^@]+).*/$1/
        <AuthBy FILE>
                EAPType MD5-Challenge
                RewriteUsername s/^([^@]+).*/$1/
                Filename %D/users
                StripFromReply Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID
                AddToReply Tunnel-Type=VLAN, Tunnel-Medium-Type=Ether_802, Tunnel-Private-Group-ID=8, User-Name=%u
        </AuthBy>
</Handler>

Part of the Radiator-logging:

Code:       Access-Accept
Identifier: 17
Authentic:  Z<217><184><136>a<202><241><148>M<236><229>(<223><242><190><4>
Attributes:
        EAP-Message = <3><1><0><4>
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
        Tunnel-Type = VLAN
        Tunnel-Medium-Type = Ether_802
        Tunnel-Private-Group-ID = 8
        User-Name = "frank at xeon.com"

Why is there no VLAN assigned?
 
regards,
 
Hugo Miedema 
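
An added example, not part of the original post and not Radiator or Cisco code: a check of both sides shown above. It verifies that an Access-Accept dump carries the RFC 3580 tunnel attributes for VLAN assignment and that the switch config has the AAA lines needed to act on them. The `aaa authorization network` requirement is taken from Cisco's 802.1X VLAN-assignment documentation, not from the post; the sample inputs are constructed from the post's excerpts and the function names are hypothetical.

```python
import re

# Constructed samples, reduced from the excerpts in the post above.
REPLY_DUMP = """\
Code:       Access-Accept
Attributes:
        EAP-Message = <3><1><0><4>
        Tunnel-Type = VLAN
        Tunnel-Medium-Type = Ether_802
        Tunnel-Private-Group-ID = 8
"""
IOS_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
interface FastEthernet0/1
 switchport mode access
 dot1x port-control auto
"""

def parse_reply(dump):
    """Return {attribute: value} from a Radiator-style packet dump."""
    attrs = {}
    for line in dump.splitlines():
        m = re.match(r"\s+([\w-]+)\s*=\s*(.*)$", line)  # indented "Name = value"
        if m:
            attrs[m.group(1)] = m.group(2).strip().strip('"')
    return attrs

def reply_vlan(attrs):
    """VLAN id if the reply has the RFC 3580 tunnel triplet, else None."""
    if attrs.get("Tunnel-Type") not in ("VLAN", "13"):
        return None
    if attrs.get("Tunnel-Medium-Type") not in ("Ether_802", "802", "6"):
        return None
    return attrs.get("Tunnel-Private-Group-ID") or None

def missing_switch_lines(config):
    """List AAA/802.1X prerequisites absent from an IOS config.
    Assumption (Cisco documentation, not the post): RADIUS-supplied VLANs
    are applied only when network authorization via RADIUS is enabled."""
    required = {
        "aaa new-model": r"^aaa new-model\b",
        "aaa authentication dot1x ... group radius": r"^aaa authentication dot1x .*group radius",
        "aaa authorization network ... group radius": r"^aaa authorization network .*group radius",
        "dot1x system-auth-control": r"^dot1x system-auth-control\b",
    }
    return [n for n, p in required.items() if not re.search(p, config, re.MULTILINE)]

if __name__ == "__main__":
    print("VLAN in Access-Accept:", reply_vlan(parse_reply(REPLY_DUMP)))
    print("Missing on switch:", missing_switch_lines(IOS_CONFIG))
```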
