Re: [SOLVED] - Re: VLAN assigment and Alcatel Omniswitch 7800

Hi Oxiel

Please update the HOWTO and possibly the FAQ with your comments.

Regards

Peter

On Thu 15 Feb 2007 04:30, Oxiel Contreras wrote:
> Hello Santa.
>
> This worked great!!!
>
> I was doing 802.1x only, no AVLAN.
>
> For any soul out there trying to implement 802.1x with FreeRadius on
> OpenSuSE10.1 and Omniswitch 7800 and Active Directory as taught on:
>
> http://wiki.freeradius.org/FreeRADIU...egration_HOWTO
>
> Take note of the following points:
>
> 1) If you use PEAP, install the patch from MS to Radius as noted on the
> FAQ, you need someone with Gold Support from M$ to get it or email me off
> the list :)
>
> http://wiki.freeradius.org/FreeRADIU...Doesn.27t_Work
>
> 2) If PEAP is your election, install the CA and generate the certificates
> on the Radius server.
>
> 3) Modify the permissions of execution for the winbind daemon in order to
> acomplish the ntlm_auth process, FIXME, now using root permissions.
>
> 4) Use Xylan-Auth-Group as VSA in /etc/raddb/users as the attribute for
> assigning VLAN, or generate the new dictionary.alcatel as Santa Yeh
> described below, and then use Alcatel-Auth-Group as the attribute for VLAN
>
> 5) Use the setup for omniswitch as described below by Santa Yeh
>
> 6) Thank all these great people who develop and support this great
> software.
>
> Thanks Alan, A.L.M., Jeremy, Marcel and Santa.
>
> Best regards
>
> Oxiel
>
> El Mi=E9rcoles, 14 de Febrero de 2007 11:19, Santa Yeh escribi=F3:
> > Hello Oxiel,
> >
> > Are you doing AVLAN or 802.1x?
> >
> > 1. I created a new file - dictionary.alcatel
> >
> > #
> > # dictionary.alcatel
> > #
> > # Alcatel VSAs
> > #
> >
> > VENDOR Alcatel 800
> >
> > #
> > # Standard attribute
> > #
> > ATTRIBUTE Alcatel-Auth-Group 1 integer Alcatel
> > ATTRIBUTE Alcatel-Slot-Port 2 string Alcatel
> > ATTRIBUTE Alcatel-Time-of-Day 3 string Alcatel
> > ATTRIBUTE Alcatel-Client-IP-Addr 4 ipaddr Alcatel
> > ATTRIBUTE Alcatel-Group-Desc 5 string Alcatel
> > ATTRIBUTE Alcatel-Port-Desc 6 string Alcatel
> >
> > VALUE Acct-Authentic AUTH-AVCLIENT 4
> > VALUE Acct-Authentic AUTH-TELNET 5
> > VALUE Acct-Authentic AUTH-HTTP 6
> >
> > 2. For users file
> >
> > user1 Auth-Type :=3D Local, Password =3D "user1"
> > Alcatel-Auth-Group =3D 3
> >
> > 3. For AVLAN
> >
> > vlan 3 authentication enable
> > vlan port mobile 1/1 bpdu ignore enable
> > vlan port 1/1 authenticate enable
> > ip interface vlan3 address 192.168.11.254 mask 255.255.255.0 vlan 3
> > aaa radius-server rad1 host 192.168.10.211 key radkey
> > aaa authentication vlan single-mode rad1
> > aaa accounting vlan rad1
> > aaa avlan default dhcp 192.168.11.254
> > aaa avlan dns alcatel
> > avlan 3 auth-ip 192.168.11.253
> >
> > 4. For 802.1x (Sorry, just from my memory)
> >
> > vlan 3 802.1x enable
> > vlan port mobile 1/1 bpdu ignore enable
> > vlan port 1/1 802.1x enable
> > ip interface vlan3 address 192.168.11.254 mask 255.255.255.0 vlan 3
> > aaa radius-server rad1 host 192.168.10.211 key radkey
> > aaa authentication 802.1x rad1
> > aaa accounting 802/1x rad1
>
> Chiacchiera con i tuoi amici in tempo reale!
> http://it.yahoo.com/mail_it/foot/*ht...nger.yahoo.com
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

-- =


Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc

- =

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.h=
tml