Assign VLAN from freeradius to Cisco 3550 Switch

navlink.lvmh
Level 1

Hi All,

I am trying to assign a VLAN from freeradius to a Cisco 3550 switch but it's not working.

I keep getting these lines in the Cisco switch debug:

3w6d: RADIUS:  Tunnel-Medium-Type  [65]  6   01:Unsupported            [6]

3w6d: RADIUS:  Tunnel-Type         [64]  6   01:Unsupported            [13]

What does it mean? Any idea how to solve this?

Below are the freeradius conf and switch debug.

Thanks.

Configuration on freeradius users file:

wassim    Cleartext-Password := "wassim"
        Tunnel-Medium-Type:1 = IEEE-802,
        Tunnel-Type:1 = VLAN,
        Tunnel-Private-Group-Id:1 = 100

Cisco Switch debug log:

3w6d: RADIUS:  authenticator 99 15 53 A6 AB B7 0B 75 - 9F A7 5F 27 8F F1 2E 67

3w6d: RADIUS:  NAS-IP-Address      [4]   6   192.168.1.8              

3w6d: RADIUS:  NAS-Port            [5]   6   50023                    

3w6d: RADIUS:  NAS-Port-Type       [61]  6   Eth                       [15]

3w6d: RADIUS:  User-Name           [1]   8   "wassim"

3w6d: RADIUS:  Called-Station-Id   [30]  19  "00-15-F9-F8-4E-97"

3w6d: RADIUS:  Calling-Station-Id  [31]  19  "00-1A-80-3F-F6-A1"

3w6d: RADIUS:  Service-Type        [6]   6   Framed                    [2]

3w6d: RADIUS:  Framed-MTU          [12]  6   1500                     

3w6d: RADIUS:  State               [24]  18 

3w6d: RADIUS:   DB C1 1C E7 DE C7 09 5E 75 5E 5B 0F 23 3A 54 E7  [???????^u^[?#:T?]

3w6d: RADIUS:  EAP-Message         [79]  69 

3w6d: RADIUS:   02 06 00 43 15 00 17 03 01 00 38 BF 71 FC FA 04  [???C??????8?q???]

3w6d: RADIUS:   BE DC FD CC 03 D2 7F 8B 09 63 2C B2 AE D8 AC 61  [?????????c,????a]

3w6d: RADIUS:   64 21 2B 00 ED 0E 6E E8 B0 49 50 6B 99 B8 88 A4  [d!+???n??IPk????]

3w6d: RADIUS:   36 C6 FD B9 F0 77 2D 82 28 0A 37 D1 D4 73 B4 59  [6????w-?(?7??s?Y]

3w6d: RADIUS:   F9 37 E6                                         [?7?]

3w6d: RADIUS:  Message-Authenticato[80]  18 

3w6d: RADIUS:   A2 59 A3 DE A6 98 5F 78 25 12 59 BB 4D B8 74 F0  [?Y????_x??Y?M?t?]

3w6d: RADIUS: Received from id 1645/123 192.168.1.57:1812, Access-Accept, len 186

3w6d: RADIUS:  authenticator C0 31 7F D7 A6 D4 1F C8 - 27 AA F0 99 EA 1F 92 C3

3w6d: RADIUS:  Tunnel-Medium-Type  [65]  6   01:Unsupported            [6]

3w6d: RADIUS:  Tunnel-Type         [64]  6   01:Unsupported            [13]

3w6d: RADIUS:  Tunnel-Private-Group[81]  6   01:"100"

3w6d: RADIUS:  Vendor, Microsoft   [26]  58 

3w6d: RADIUS:   MS-MPPE-Recv-Key   [17]  52 

3w6d: RADIUS:   86 8B 3E 74 76 E7 CB 9A 8F EF F5 9C 16 2E 88 1A  [??>tv????????.??]

3w6d: RADIUS:   12 3B 80 A6 E9 9B B6 6F E6 63 C8 AA B0 DB 0E 76  [?;?????o?c?????v]

3w6d: RADIUS:   61 C1 6A 5D 62 BD 72 BE 78 C8 9D 4D A7 3F 54 35  [a?j]b?r?x??M??T5]

3w6d: RADIUS:   40 DC                                            [@?]

3w6d: RADIUS:  Vendor, Microsoft   [26]  58 

3w6d: RADIUS:   MS-MPPE-Send-Key   [16]  52 

3w6d: RADIUS:   8A 61 97 87 78 FD CA 16 8D F0 ED 75 C0 70 93 AE  [?a??x??????u?p??]

3w6d: RADIUS:   71 EF 5A 21 53 35 A4 88 F9 84 16 83 10 43 6E 9E  [q?Z!S5???????Cn?]

3w6d: RADIUS:   AB A7 8B 56 6C 42 0D AB 09 1D 82 D3 CB 7E 6C B8  [???VlB???????~l?]

3w6d: RADIUS:   56 58                                            [VX]

3w6d: RADIUS:  EAP-Message         [79]  6  

3w6d: RADIUS:   03 06 00 04                                      [????]

3w6d: RADIUS:  Message-Authenticato[80]  18 

3w6d: RADIUS:   82 4B 64 0F 07 64 59 18 0F 27 07 95 A5 15 09 33  [?Kd??dY??'?????3]

3w6d: RADIUS:  User-Name           [1]   8   "wassim"

3w6d: RADIUS: EAP-login: length of eap packet = 4

3w6d: RADIUS: Tunnel-MType, [01] 00 00 06

3w6d: RADIUS: TAS(1) created and enqueued.

3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D

3w6d: RADIUS: Tunnel-GID, [01] 100

3w6d: RADIUS: unrecognized Microsoft VSA type 17

3w6d: RADIUS: unrecognized Microsoft VSA type 16

3w6d: RADIUS: TAS(1) takes precedence over tagged attributes, tunnel_type=vlan

3w6d: RADIUS: free TAS(1)

3w6d: RADIUS: no appropriate authorization type for user.

3w6d: RADIUS: Tunnel-MType, [01] 00 00 06

3w6d: RADIUS: TAS(1) created and enqueued.

3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D

3w6d: RADIUS: unrecognized Microsoft VSA type 17

3w6d: RADIUS: unrecognized Microsoft VSA type 16

3w6d: RADIUS: TAS(1) takes precedence over tagged attributes, tunnel_type=vlan

3w6d: RADIUS: free TAS(1)

3w6d: RADIUS: no appropriate authorization type for user.

3w6d: RADIUS: Tunnel-MType, [01] 00 00 06

3w6d: RADIUS: TAS(1) created and enqueued.

3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D

3w6d: RADIUS: unrecognized Microsoft VSA type 17

3w6d: RADIUS: unrecognized Microsoft VSA type 16

3w6d: RADIUS: TAS(1) takes precedence over tagged attributes, tunnel_type=vlan

3w6d: RADIUS: free TAS(1)

3w6d: RADIUS: no appropriate authorization type for user.

3w6d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23, changed state to up

Accepted Solutions

jan.nielsen
Level 7

I believe you should be using the numerical values in your fields; look at this one:

http://www.scribd.com/doc/75788651/52/X-with-VLAN-Assignment

Tunnel-Medium-Type:1 = 6

Tunnel-Type:1 = 13

Tunnel-Private-Group-Id:1 =

2 Replies

I combined your answer with what is in Tagging Client VLANs with RADIUS Attributes - Cisco Meraki, and it's working for me on a recent Cisco IOS-XE switch with:

Tunnel-Type:1 = "VLAN",
Tunnel-Medium-Type:1 = "IEEE-802",
Tunnel-Private-Group-ID:1 = "Users"

where Users is the name of the VLAN configured on the switch.
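
The three tunnel attributes discussed in this thread are the tagged attributes of RFC 2868, and RFC 3580 names the values used for VLAN assignment (Tunnel-Type 13, Tunnel-Medium-Type 6, plus Tunnel-Private-Group-ID). As an added example, not part of any post above and not FreeRADIUS or Cisco code, this Python code encodes and decodes those attributes and reports which tags carry the complete triple; the function names and the sample bytes are constructed for illustration.

```python
# Added example: decode RFC 2868 tagged tunnel attributes (constructed data).
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6  # values RFC 3580 specifies for VLAN assignment

def encode_tagged_int(attr, tag, value):
    """Type, Length (always 6), Tag, then a 3-octet big-endian value."""
    return bytes([attr, 6, tag]) + value.to_bytes(3, "big")

def encode_tagged_str(attr, tag, text):
    """Type, Length, Tag, then the string octets."""
    body = bytes([tag]) + text.encode("ascii")
    return bytes([attr, 2 + len(body)]) + body

def parse_attributes(buf):
    """Yield (type, value) for each attribute, rejecting malformed lengths."""
    i = 0
    while i < len(buf):
        if len(buf) - i < 2:
            raise ValueError("truncated attribute header")
        attr, length = buf[i], buf[i + 1]
        if length < 2 or i + length > len(buf):
            raise ValueError(f"bad length {length} for attribute {attr}")
        yield attr, buf[i + 2:i + length]
        i += length

def vlan_assignments(buf):
    """Return {tag: vlan} for every tag carrying the complete VLAN triple."""
    groups = {}
    for attr, val in parse_attributes(buf):
        if attr in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if len(val) != 4:
                raise ValueError(f"attribute {attr} must carry tag + 3 octets")
            groups.setdefault(val[0], {})[attr] = int.from_bytes(val[1:], "big")
        elif attr == TUNNEL_PRIVATE_GROUP_ID:
            # The first octet is a tag only when it is <= 0x1F (RFC 2868).
            tag, text = (val[0], val[1:]) if val and val[0] <= 0x1F else (0, val)
            groups.setdefault(tag, {})[attr] = text.decode("ascii", "replace")
    return {tag: g[TUNNEL_PRIVATE_GROUP_ID] for tag, g in groups.items()
            if g.get(TUNNEL_TYPE) == VLAN
            and g.get(TUNNEL_MEDIUM_TYPE) == IEEE_802
            and TUNNEL_PRIVATE_GROUP_ID in g}

# Constructed sample: the three tunnel attributes with tag 1, as the debug log
# shows them, plus the 4-octet EAP-Message (79) from the same Access-Accept.
SAMPLE = (encode_tagged_int(TUNNEL_MEDIUM_TYPE, 1, IEEE_802)
          + encode_tagged_int(TUNNEL_TYPE, 1, VLAN)
          + encode_tagged_str(TUNNEL_PRIVATE_GROUP_ID, 1, "100")
          + bytes([79, 6, 0x03, 0x06, 0x00, 0x04]))

if __name__ == "__main__":
    print(SAMPLE.hex(" "), "->", vlan_assignments(SAMPLE))
```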
