Hello,
I have some trouble after assigning another VLAN to a user via RADIUS.
First I do normal RADIUS authentication and within the Access-Accept
reply I send the following back (FreeRADIUS):
ahzf    Auth-Type := Local, User-Password == "xxx"
        User-Name = "ahzf-acct",
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = WLAN-hk
As far as I can see I get connected to the AP and Ethernet packets
coming from the WLAN will reach the normal network. But the other way
doesn't seem to work at all. No packets coming from the normal network
reach the WLAN client...
What's wrong here? Even after looking at debug messages for a while I
didn't find a solution...
Firmware version: c1200-k9w7-tar.123-7.JA2
thx...
achim
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ahzfnet2
!
enable secret 5 $1$E/ZR$0x4eJ1ryFl1NHAEublInd1
!
clock timezone MEZ 1
clock summer-time MESZ recurring last Sun Mar 2:00 last Sun Oct 3:00
ip subnet-zero
ip domain name wlan.ahzf.de
ip name-server 10.42.44.22
ip name-server 141.24.44.121
!
!
aaa new-model
!
!
aaa group server radius rad_eap
server 10.44.176.1 auth-port 1812 acct-port 1813
!
aaa group server radius rad_acct
server 10.44.176.1 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 mbssid
dot11 vlan-name WLAN vlan 2000
dot11 vlan-name WLAN-hk vlan 1000
!
dot11 ssid Holzklasse
vlan 1000
authentication open eap eap_methods
authentication key-management wpa
accounting acct_methods
!
dot11 ssid ahzfnet.1X
vlan 2000
authentication open eap eap_methods
authentication key-management wpa
accounting acct_methods
mbssid guest-mode
!
dot11 aaa csid ietf
!
!
username Cisco password 7 106D000A0618
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 2000 mode ciphers aes-ccm tkip
!
encryption vlan 1000 mode ciphers aes-ccm tkip
!
ssid Holzklasse
!
ssid ahzfnet.1X
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
dot11 extension power native
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.1000
encapsulation dot1Q 1000
no ip route-cache
bridge-group 100
bridge-group 100 subscriber-loop-control
bridge-group 100 block-unknown-source
no bridge-group 100 source-learning
no bridge-group 100 unicast-flooding
bridge-group 100 spanning-disabled
!
interface Dot11Radio0.2000
encapsulation dot1Q 2000
no ip route-cache
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
bridge-group 255 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.1000
encapsulation dot1Q 1000
no ip route-cache
bridge-group 100
no bridge-group 100 source-learning
bridge-group 100 spanning-disabled
!
interface FastEthernet0.2000
encapsulation dot1Q 2000
no ip route-cache
bridge-group 255
no bridge-group 255 source-learning
bridge-group 255 spanning-disabled
!
interface BVI1
ip address 10.44.176.2 255.255.255.0
no ip route-cache
!
ip default-gateway 10.44.176.1
no ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779...onfig/help/eag
ip radius source-interface BVI1
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 10.44.176.1 auth-port 1812 acct-port 1813 key 7 0835495D1D100B1043595F
radius-server vsa send accounting
radius-server vsa send authentication
!
control-plane
!
bridge 1 route ip
!
!
wlccp wds aaa csid ietf
!
line con 0
transport preferred all
transport output all
line vty 0 4
transport preferred all
transport input all
transport output all
line vty 5 15
transport preferred all
transport input all
transport output all
!
sntp server 141.24.44.123
end
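
A small consistency check for the setup described in this post, as an added example that is not part of the original post: it resolves a RADIUS `Tunnel-Private-Group-Id` value through the `dot11 vlan-name` mappings and verifies that the VLAN has an `encryption vlan` line plus radio and wired subinterfaces in the same bridge group. The function names `parse` and `check_group_id` are hypothetical, the config excerpt is constructed from the lines posted above, and the choice of checks is an assumption about what is worth verifying, not a diagnosis of the reported problem.

```python
import re

# Added example. Constructed excerpt: VLAN 1000 lines of the configuration posted above.
CONFIG = """\
dot11 vlan-name WLAN-hk vlan 1000
interface Dot11Radio0
 encryption vlan 1000 mode ciphers aes-ccm tkip
interface Dot11Radio0.1000
 encapsulation dot1Q 1000
 bridge-group 100
interface FastEthernet0.1000
 encapsulation dot1Q 1000
 bridge-group 100
"""

def parse(config):
    """Collect vlan-name mappings, per-VLAN ciphers and subinterface settings."""
    names, ciphers, subifs, iface = {}, set(), {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"dot11 vlan-name (\S+) vlan (\d+)", line):
            names[m[1]] = int(m[2])
        elif m := re.fullmatch(r"interface (\S+)", line):
            iface = subifs.setdefault(m[1], {})
        elif m := re.match(r"encryption vlan (\d+) mode ciphers ", line):
            ciphers.add(int(m[1]))
        elif iface is not None and (m := re.fullmatch(r"encapsulation dot1Q (\d+)( native)?", line)):
            iface["vlan"] = int(m[1])
        elif iface is not None and (m := re.fullmatch(r"bridge-group (\d+)", line)):
            iface["bridge"] = int(m[1])
    return names, ciphers, subifs

def check_group_id(config, group_id):
    """Return the problems found for one Tunnel-Private-Group-Id value (name or number)."""
    names, ciphers, subifs = parse(config)
    vlan = int(group_id) if group_id.isdigit() else names.get(group_id)
    if vlan is None:
        return [f"no dot11 vlan-name mapping for {group_id!r}"]
    problems = []
    if vlan not in ciphers:
        problems.append(f"no encryption line for vlan {vlan}")
    # Map each side (radio / wired) to the bridge group of its subinterface for this VLAN.
    bridges = {("radio" if n.startswith("Dot11Radio") else "wired"): s.get("bridge")
               for n, s in subifs.items() if s.get("vlan") == vlan}
    for side in ("radio", "wired"):
        if side not in bridges:
            problems.append(f"no {side} subinterface for vlan {vlan}")
    if len(set(bridges.values())) > 1:
        problems.append(f"vlan {vlan} bridge-groups differ: {bridges}")
    return problems
```

On this excerpt `check_group_id(CONFIG, "WLAN-hk")` returns an empty list, so these particular checks find no mismatch between the RADIUS reply and the VLAN 1000 definitions.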