[cisco-nas] Vlan assignment with Cisco 2950 & IAS: What is the correct format for the radius attributs ?

MIHI mihi at ludens.elte.hu
Fri Jul 9 02:24:10 EDT 2004 

Hello,

 

Is your 2950 EI? 

Only EI models support VLAN assignment.

 

Marton

 

  _____  

From: cisco-nas-bounces at puck.nether.net
[mailto:cisco-nas-bounces at puck.nether.net] On Behalf Of CONTRERAS Sébastien
Sent: Thursday, July 08, 2004 2:54 PM
To: cisco-nas at puck.nether.net
Subject: [cisco-nas] Vlan assignment with Cisco 2950 & IAS: What is the
correct format for the radius attributs ?

 

Hi all, 

I'm trying to do VLAN assignment with a Cisco 2950 (as NAS) and Microsoft
IAS (As RADIUS server).

 

I know that the attributes I have to send to the 2950 are :

Tunnel-Type (64) with value equal to    VLAN    (type 13)

Tunnel-Medium-Type (65) with value equal to    802    (type 6)

Tunnel-Private-Group-ID (81) with value equal to the name (or ID) of the
VLAN to which I want to assign the user

 

I tried several formats (t:Tunnel-Type=VLAN, 64=VLAN, 64=13 .....) and
several ways (using Cisco-av-pairs, Vendor-Specific attributes, predefined
attributes..) for configuring these attributs in IAS but each time, the
switch says "RADIUS: EAP-login: radius didn't send any vlan" ( I have
actived "debug radius").

 

1/

What is the exact format (in hexadecimal I think..) the switch need to
receive ? (normally ID - Length - Value, which give in hexadecimal for
attribut Tunnel-Type : 64 6 0000000D)

Thanks to the "debug RADIUS" command, I can see that the switch receive this
value (64 6 000000D) when I use the predefined attributs in IAS.

 

2/

I read that a common tag value must be set in all of the three attributes
for identifying "the grouped relationship".

I searched for adding this tag in the attributes but I can only put one
value in my attributs.

What is the trick ?

 

3/

If someone know the correct way to configure these attributs in IAS, It will
be great !

 

 

 

802.1x works with no problem.

It's only the VLAN assignment that fail.

 

Any help appreciated.

 

Thanks

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://puck.nether.net/pipermail/cisco-nas/attachments/20040709/3d5dfd7f/attachment.html

More information about the cisco-nas mailing list