Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AP 1200, FreeRADIUS MAC auth and VLAN set

I'm authenticating wireless users using MAC authentication. That works with no problem using FreeRadius. I'm trying to set the client VLAN with the Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-ID attributes, but I can't get it working: the client is authenticated but the VLAN is always set to the default one (1).

The attributes the radius server is sending are:

Sending Access-Accept of id 26 to IP

Tunnel-Type:0 := VLAN

Tunnel-Medium-Type:0 := 802

Tunnel-Private-Group-Id:0 := "vlan35"

Cisco-AVPair := "ssid=DAC Wireless Network"

I've also tried to set Tunnel-Private-Group-ID to "5" (the numeric ID of the VLAN).

Any ideas?

3 REPLIES
Anonymous
N/A

Re: AP 1200, FreeRADIUS MAC auth and VLAN set

You may want to try and reconfigure it to see if something got stuck. If you are not on the most current firmware you may want to upgrade that as well. Here is a url that may help with the configuration. http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo1200/accsspts/ap120scg/index.htm

New Member

Re: AP 1200, FreeRADIUS MAC auth and VLAN set

The firmware is the most current. I've tried to use EAP/TLS auth, but no way, the VLAN assigment does not work. Are you using this feature?

New Member

Re: AP 1200, FreeRADIUS MAC auth and VLAN set

I finally found out the problem: the Tunnel-* attributes must have a tag equal to 1, so the working freeradius config is:

000c30e9xxxx User-Password == "000c30e9xxxx", Auth-Type := Accept

Tunnel-Type:1 := VLAN, Tunnel-Medium-Type:1 := 6,

Tunnel-Private-Group-ID:1 := 1

As you can see there is a ":1" after all attribute names...

So you this way it's possible to assign the VLAN of a wireless card using the its MAC (MAC authenticantion).

1595
Views
0
Helpful
3
Replies
CreatePlease login to create content