Hi all,
I'm trying to do VLAN assignment with a Cisco 2950 (as NAS) and Microsoft
Windows Server 2003 IAS
(as RADIUS server).
I know that the attributes I have to send to the 2950 are:
Tunnel-Type (64) with value equal to VLAN (type 13)
Tunnel-Medium-Type (65) with value equal to 802 (type 6)
Tunnel-Private-Group-ID (81) with value equal to the name (or ID) of the
VLAN to which I want to
assign the user
I tried several formats (t:Tunnel-Type=VLAN, 64=VLAN, 64=13 .....) and
several ways (using
Cisco-av-pairs, Vendor-Specific attributes, predefined attributes..) for
configuring these
attributes in IAS but each time, the switch says "RADIUS: EAP-login: radius
didn't send any vlan"
( I have activated "debug radius").
1/
What is the exact format (in hexadecimal I think..) the switch need to
receive ?
(Normally ID - Length - Value, which give in hexadecimal for attribute
Tunnel-Type: 64 6 0000000D)
Thanks to the "debug RADIUS" command, I can see that the switch receive this
value (64 6 000000D)
when I use the predefined attributes in IAS.
2/
I read that a common tag value must be set in all of the three attributes
for identifying
"the grouped relationship".
I searched for adding this tag in the attributes and I've added it in IAS:
Tunnel-Tag
3/
If someone know the correct way to configure these attributes in IAS so the
switch can
understand them, It will be great!
802.1x works with no problem.
It's only the VLAN assignment that fails.
Any help appreciated.
Thanks
--
Tiago Antunes
I'm trying to do VLAN assignment with a Cisco 2950 (as NAS) and Microsoft
Windows Server 2003 IAS
(as RADIUS server).
I know that the attributes I have to send to the 2950 are:
Tunnel-Type (64) with value equal to VLAN (type 13)
Tunnel-Medium-Type (65) with value equal to 802 (type 6)
Tunnel-Private-Group-ID (81) with value equal to the name (or ID) of the
VLAN to which I want to
assign the user
I tried several formats (t:Tunnel-Type=VLAN, 64=VLAN, 64=13 .....) and
several ways (using
Cisco-av-pairs, Vendor-Specific attributes, predefined attributes..) for
configuring these
attributes in IAS but each time, the switch says "RADIUS: EAP-login: radius
didn't send any vlan"
( I have activated "debug radius").
1/
What is the exact format (in hexadecimal I think..) the switch need to
receive ?
(Normally ID - Length - Value, which give in hexadecimal for attribute
Tunnel-Type: 64 6 0000000D)
Thanks to the "debug RADIUS" command, I can see that the switch receive this
value (64 6 000000D)
when I use the predefined attributes in IAS.
2/
I read that a common tag value must be set in all of the three attributes
for identifying
"the grouped relationship".
I searched for adding this tag in the attributes and I've added it in IAS:
Tunnel-Tag
3/
If someone know the correct way to configure these attributes in IAS so the
switch can
understand them, It will be great!
802.1x works with no problem.
It's only the VLAN assignment that fails.
Any help appreciated.
Thanks
--
Tiago Antunes