[cisco-nas] Vlan assignment with Cisco 2950 & IAS: What is the correct format for the radius attributs ?

[CONTRERAS Sébastien]

Hi all, 
I'm trying to do VLAN assignment with a Cisco 2950 (as NAS) and Microsoft IAS (As RADIUS server).

I know that the attributes I have to send to the 2950 are :
Tunnel-Type (64) with value equal to    VLAN    (type 13)
Tunnel-Medium-Type (65) with value equal to    802    (type 6)
Tunnel-Private-Group-ID (81) with value equal to the name (or ID) of the VLAN to which I want to assign the user

I tried several formats (t:Tunnel-Type=VLAN, 64=VLAN, 64=13 .....) and several ways (using Cisco-av-pairs, Vendor-Specific attributes, predefined attributes..) for configuring these attributs in IAS but each time, the switch says "RADIUS: EAP-login: radius didn't send any vlan" ( I have actived "debug radius").

1/
What is the exact format (in hexadecimal I think..) the switch need to receive ? (normally ID - Length - Value, which give in hexadecimal for attribut Tunnel-Type : 64 6 0000000D)
Thanks to the "debug RADIUS" command, I can see that the switch receive this value (64 6 000000D) when I use the predefined attributs in IAS.

2/
I read that a common tag value must be set in all of the three attributes for identifying "the grouped relationship".
I searched for adding this tag in the attributes but I can only put one value in my attributs.
What is the trick ?

3/
If someone know the correct way to configure these attributs in IAS, It will be great !



802.1x works with no problem.
It's only the VLAN assignment that fail.

Any help appreciated.

Thanks

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/cisco-nas/attachments/20040708/50c795f4/attachment.html