[RADIATOR] Radiator using WPA2-Enterprise and dynamic VLAN Assignment (Part 1)
Klara Mall
klara.mall at kit.edu
Wed Mar 26 13:02:16 CDT 2014
Hi,
On 03/26/2014 06:40 PM, Roberto Pantoja wrote:
> I have a problem trying to assign dynamic VLANs to users on a
> WPA2-Enterprise configuration. Users have successful authentication and
> if I don't send the Radius Attribute "Tunnel-Private-Group-ID" The
> Wireless Controller connects me to the default VLan for the SSID, but
> when I send "Tunnel-Private-Group-ID", the Wireless Controller simply
> drops out my connection. The Wireless controller documentation says the
> required attributes in the Access-Accept Reply are "Tunnel-Type=VLAN,
> Tunnel-Medium-Type=802, Tunnel-Private-Group-ID=<Name of VLAN>".
> Everything works fine using Ignition Server (Avaya's Radius Server). But
> on product's documentation says WC8180 comply with RFC Standards and
> mentions to be "compatible and validated" with freeradius and Microsoft
> IAS, so I think my case is a configuration issue.
Are you sure that it's
Tunnel-Type=VLAN, Tunnel-Medium-Type=802, Tunnel-Private-Group-ID=<Name
of VLAN>
for your wireless controller?
We have an HP ProCurve WLAN Controller and I have to send:
Tunnel-Type = 13, Tunnel-Medium-Type = 6, Tunnel-Private-Group-ID =
<vlan-id>
It's the same for our LANCOM Access Points which are autonomous (no
controller).
I found a document "Avaya WLAN 8100 Fundamentals" regarding AVAYA WC8180
WLAN Controller. They say WC8180 is part of the WLAN 8100 solution.
http://198.152.212.23/css/P8/documents/100161076 (PDF file)
On page 87 they talk about authorization attributes:
Tunnel-Private-Group-Id: Mobility VLAN Name
Tunnel-Medium-Type: The value is 6 (IEEE 802)
Tunnel-Type: The value is 13 (VLAN)
So perhaps you have to send
Tunnel-Type=13, Tunnel-Medium-Type=6, Tunnel-Private-Group-ID=<Name of VLAN>
Apart from that: is it possible to proxy the request of the controller
through radiator to the Ignition Server i.e. to configure the radiator
server as a client on the Ignition Server? Then you'd see all attributes
that the Ignition Server is sending in the radiator debug log.
Regards
Klara
--
Karlsruher Institut für Technologie (KIT)
Steinbuch Centre for Computing (SCC)
Klara Mall
Netze und Telekommunikation (NET)
Hermann-von-Helmholtz-Platz 1
76344 Eggenstein-Leopoldshafen
Telefon: +49 721 608-28630
Telefon: +49 721 608-48946
E-Mail: klara.mall at kit.edu
Web: http://www.scc.kit.edu
KIT - Universität des Landes Baden-Württemberg und
nationales Forschungszentrum in der Helmholtz-Gemeinschaft
More information about the radiator
mailing list