[RADIATOR] Fwd: Re: Radiator using WPA2-Enterprise and dynamic VLAN Assignment (Part 1)
Roberto Pantoja
rpantoja at lageo.com.sv
Wed Mar 26 14:23:02 CDT 2014
Thank you, I will try using the radius proxy to know what are exactly
the attributes Ignition Server sends to WLAN controller.
On 03/26/2014 12:02 PM, Klara Mall wrote:
> Hi,
>
> On 03/26/2014 06:40 PM, Roberto Pantoja wrote:
>> I have a problem trying to assign dynamic VLANs to users on a
>> WPA2-Enterprise configuration. Users have successful authentication and
>> if I don't send the Radius Attribute "Tunnel-Private-Group-ID" The
>> Wireless Controller connects me to the default VLan for the SSID, but
>> when I send "Tunnel-Private-Group-ID", the Wireless Controller simply
>> drops out my connection. The Wireless controller documentation says the
>> required attributes in the Access-Accept Reply are "Tunnel-Type=VLAN,
>> Tunnel-Medium-Type=802, Tunnel-Private-Group-ID=<Name of VLAN>".
>> Everything works fine using Ignition Server (Avaya's Radius Server). But
>> on product's documentation says WC8180 comply with RFC Standards and
>> mentions to be "compatible and validated" with freeradius and Microsoft
>> IAS, so I think my case is a configuration issue.
> Are you sure that it's
> Tunnel-Type=VLAN, Tunnel-Medium-Type=802, Tunnel-Private-Group-ID=<Name
> of VLAN>
> for your wireless controller?
>
> We have an HP ProCurve WLAN Controller and I have to send:
> Tunnel-Type = 13, Tunnel-Medium-Type = 6, Tunnel-Private-Group-ID =
> <vlan-id>
>
> It's the same for our LANCOM Access Points which are autonomous (no
> controller).
>
> I found a document "Avaya WLAN 8100 Fundamentals" regarding AVAYA WC8180
> WLAN Controller. They say WC8180 is part of the WLAN 8100 solution.
> http://198.152.212.23/css/P8/documents/100161076 (PDF file)
>
> On page 87 they talk about authorization attributes:
> Tunnel-Private-Group-Id: Mobility VLAN Name
> Tunnel-Medium-Type: The value is 6 (IEEE 802)
> Tunnel-Type: The value is 13 (VLAN)
>
> So perhaps you have to send
>
> Tunnel-Type=13, Tunnel-Medium-Type=6, Tunnel-Private-Group-ID=<Name of VLAN>
>
> Apart from that: is it possible to proxy the request of the controller
> through radiator to the Ignition Server i.e. to configure the radiator
> server as a client on the Ignition Server? Then you'd see all attributes
> that the Ignition Server is sending in the radiator debug log.
>
> Regards
> Klara
>
--
---------------------------------------
Roberto Carlos Pantoja Valdizón
Analista de Sistemas
ATI/GDEI/LaGeo
This message has been scanned for malware by Websense. www.websense.com
More information about the radiator
mailing list