Dynamic VLAN assignment based on external RADIUS (FreeRADIUS)

  • Updated 2 years ago
I need to assign a VLAN based on the attributes returned by a RADIUS server (FreeRADIUS).
Aerohive recognizes the attributes with the test tool.
Even so, it does not assign the VLAN according to the profiles created.





users.conf:

jandrade Cleartext-Password := "jandrade"
    Tunnel-Type = GRE,
    Tunnel-Medium-Type = IPv4,
    Tunnel-Private-Group-ID = 10,
    Framed-Protocol = PPP,
    Service-Type = Framed-User

pdonoso Cleartext-Password := "pdonoso"
    Tunnel-Type = GRE,
    Tunnel-Medium-Type = IPv4,
    Tunnel-Private-Group-ID = 20,
    Framed-Protocol = PPP,
    Service-Type = Framed-User

DEFAULT Auth-Type := Reject





Debug user pdonoso:

AH-2121OF#2016-03-03 17:39:19 info    capwap: SSL:unknown version (0)
2016-03-03 17:39:27 info    ah_auth: [Auth]: receive driver notification[0x8c03, IWEVREGISTERED] for Sta[c0bd:d1e1:b250] at Hapd[4018:b1d0:3be9, wifi1.2]
2016-03-03 17:39:27 warn    ah_auth: wpa_validate_wpa_ie: wpa_auth 5896104, sm 5903192, wpa_ie 744974518, wpa_ie_len 40
2016-03-03 17:39:27 warn    ah_auth: PMKID found from PMKSA cache eap_type=21 vlan_id=0
2016-03-03 17:39:27 warn    ah_auth: event 1 notification
2016-03-03 17:39:27 warn    ah_auth: start authentication
2016-03-03 17:39:27 warn    ah_auth: sending 1/4 msg of 4-Way Handshake
2016-03-03 17:39:27 warn    ah_auth: received EAPOL-Key frame (2/4 Pairwise)
2016-03-03 17:39:27 warn    ah_auth: sending 3/4 msg of 4-Way Handshake
2016-03-03 17:39:27 warn    ah_auth: received EAPOL-Key frame (4/4 Pairwise)
2016-03-03 17:39:27 info    ah_auth: pmksa_cache_auth_add: own_addr 4018:b1d0:3be9, sta c0bd:d1e1:b250, 0, username pdonoso
2016-03-03 17:39:27 info    ah_auth: [Auth]STA(c0bd:d1e1:b250) login to SSID(wifi1.2) by user_name=pdonoso
2016-03-03 17:39:27 info    ah_auth: add new RT sta: MAC=c0bd:d1e1:b250, IP=172.16.10.10, hostname=android-177817a9fe779054, username=pdonoso on wifi1.2
2016-03-03 17:39:27 info    amrp2: receive event <STA join>: c0bd:d1e1:b250 (ip 172.16.10.10) associate wifi1.2 upid 10 vlan 10 flag 0x00000000
2016-03-03 17:39:27 info    amrp2: set proxy route: c0bd:d1e1:b250 -> 4018:b1d0:3bc0 ifp wifi1.2 upid 10 flag 0x1c03 monitor(0/0) pkt/sec ok
2016-03-03 17:39:27 info    kernel: [mesh]: set proxy : c0bd:d1e1:b250 4018:b1d0:3bc0 wifi1.2 flag 0x1c03
2016-03-03 17:39:27 info    kernel: [qos]: add qos user c0bd:d1e1:b250 idx 48 uppid 2
2016-03-03 17:39:27 info    ah_auth: detect station(c0bd:d1e1:b250) os(Android) via DHCP fingerprint
2016-03-03 17:39:28 info    ah_auth: detect station(c0bd:d1e1:b250) os(Android) via DHCP fingerprint
2016-03-03 17:39:28 notice  ah_auth: Station c0bd:d1e1:b250 is authenticated to 4018:b1d0:3be9 thru SSID Guest vid 10
2016-03-03 17:39:28 info    ah_auth: Station c0bd:d1e1:b250 ip 172.16.10.10 username pdonoso hostname android-177817a9fe779054 OS Android, flag = DHCP
2016-03-03 17:39:30 info    capwap: SSL:unknown version (0)

Debug user jandrade:

AH-2121OF#2016-03-03 17:41:12 info    capwap: SSL:unknown version (0)
2016-03-03 17:41:16 info    ah_auth: [Auth]: receive driver notification[0x8c03, IWEVREGISTERED] for Sta[c0bd:d1e1:b250] at Hapd[4018:b1d0:3bd5, wifi0.2]
2016-03-03 17:41:16 warn    ah_auth: wpa_validate_wpa_ie: wpa_auth 5895728, sm 5903192, wpa_ie 744974518, wpa_ie_len 40
2016-03-03 17:41:16 warn    ah_auth: PMKID found from PMKSA cache eap_type=21 vlan_id=0
2016-03-03 17:41:16 warn    ah_auth: event 1 notification
2016-03-03 17:41:16 warn    ah_auth: start authentication
2016-03-03 17:41:16 warn    ah_auth: sending 1/4 msg of 4-Way Handshake
2016-03-03 17:41:16 warn    ah_auth: received EAPOL-Key frame (2/4 Pairwise)
2016-03-03 17:41:16 warn    ah_auth: sending 3/4 msg of 4-Way Handshake
2016-03-03 17:41:16 warn    ah_auth: received EAPOL-Key frame (4/4 Pairwise)
2016-03-03 17:41:16 info    ah_auth: pmksa_cache_auth_add: own_addr 4018:b1d0:3bd5, sta c0bd:d1e1:b250, 0, username jandrade
2016-03-03 17:41:16 info    ah_auth: [Auth]STA(c0bd:d1e1:b250) login to SSID(wifi0.2) by user_name=jandrade
2016-03-03 17:41:16 info    ah_auth: add new RT sta: MAC=c0bd:d1e1:b250, IP=172.16.10.10, hostname=android-177817a9fe779054, username=jandrade on wifi0.2
2016-03-03 17:41:16 info    amrp2: receive event <STA join>: c0bd:d1e1:b250 (ip 172.16.10.10) associate wifi0.2 upid 10 vlan 10 flag 0x00000000
2016-03-03 17:41:16 info    amrp2: set proxy route: c0bd:d1e1:b250 -> 4018:b1d0:3bc0 ifp wifi0.2 upid 10 flag 0x1c03 monitor(0/0) pkt/sec ok
2016-03-03 17:41:16 info    kernel: [mesh]: set proxy : c0bd:d1e1:b250 4018:b1d0:3bc0 wifi0.2 flag 0x1c03
2016-03-03 17:41:16 info    kernel: [qos]: add qos user c0bd:d1e1:b250 idx 48 uppid 2
2016-03-03 17:41:16 info    ah_auth: detect station(c0bd:d1e1:b250) os(Android) via DHCP fingerprint
2016-03-03 17:41:16 notice  ah_auth: Station c0bd:d1e1:b250 is authenticated to 4018:b1d0:3bd5 thru SSID Guest vid 10
2016-03-03 17:41:16 info    ah_auth: Station c0bd:d1e1:b250 ip 172.16.10.10 username jandrade hostname android-177817a9fe779054 OS Android, flag = DHCP
2016-03-03 17:41:18 info    capwap: SSL:unknown version (0)
Rodrigo


Posted 2 years ago


Andrew Garcia, Official Rep

Looks like you are testing both IDs on the same client device in somewhat quick succession, so you could be running into an issue with the AP cache. You should perform the 1st test, clear the cache, then perform the 2nd test.

You can clear the cache from HiveManager or the CLI.

From HM6, Monitor > Clients > Active Clients. Click Operation > Deauth Clients. Check Clear Cache.
The three CLI commands are:
- clear auth local
- clear auth station
- clear auth roaming
 
Or try a second device.
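Added example (not part of either post, and not Aerohive or FreeRADIUS code): a small audit of the AP debug output that pairs each station join with the logged-in user, compares the applied `upid` with the Tunnel-Private-Group-ID from the users file in the question, and flags associations where a cached PMKSA was reused. The line formats are taken from the debug captures above; treating `upid` as the value to compare against Tunnel-Private-Group-ID is an assumption, and the sample log is constructed from trimmed lines of those captures.

```python
import re

# Constructed sample: lines trimmed from the two debug captures in the question.
SAMPLE_LOG = """\
2016-03-03 17:39:27 warn    ah_auth: PMKID found from PMKSA cache eap_type=21 vlan_id=0
2016-03-03 17:39:27 info    ah_auth: [Auth]STA(c0bd:d1e1:b250) login to SSID(wifi1.2) by user_name=pdonoso
2016-03-03 17:39:27 info    amrp2: receive event <STA join>: c0bd:d1e1:b250 (ip 172.16.10.10) associate wifi1.2 upid 10 vlan 10 flag 0x00000000
2016-03-03 17:41:16 warn    ah_auth: PMKID found from PMKSA cache eap_type=21 vlan_id=0
2016-03-03 17:41:16 info    ah_auth: [Auth]STA(c0bd:d1e1:b250) login to SSID(wifi0.2) by user_name=jandrade
2016-03-03 17:41:16 info    amrp2: receive event <STA join>: c0bd:d1e1:b250 (ip 172.16.10.10) associate wifi0.2 upid 10 vlan 10 flag 0x00000000
"""

# Tunnel-Private-Group-ID per user, copied from the users file in the question.
# Assumption: this is the value the AP reports as "upid" on station join.
EXPECTED = {"jandrade": 10, "pdonoso": 20}

CACHE_RE = re.compile(r"PMKID found from PMKSA cache")
LOGIN_RE = re.compile(r"STA\(([0-9a-f:]+)\) login to SSID\(\S+\) by user_name=(\S+)")
JOIN_RE = re.compile(r"<STA join>: ([0-9a-f:]+) .* upid (\d+) vlan (\d+)")

def audit(log_text, expected):
    """Return one finding per station join: who logged in, what the AP applied,
    whether a cached PMKSA was reused, and whether the result matches RADIUS."""
    findings, cache_hit, user_by_mac = [], False, {}
    for line in log_text.splitlines():
        if CACHE_RE.search(line):
            cache_hit = True          # applies to the association in progress
        elif (m := LOGIN_RE.search(line)):
            user_by_mac[m.group(1)] = m.group(2)
        elif (m := JOIN_RE.search(line)):
            mac, upid, vlan = m.group(1), int(m.group(2)), int(m.group(3))
            user = user_by_mac.get(mac, "?")
            want = expected.get(user)
            findings.append({
                "user": user, "mac": mac, "upid": upid, "vlan": vlan,
                "expected": want, "pmksa_cache_hit": cache_hit,
                "match": want is not None and upid == want,
            })
            cache_hit = False         # reset for the next association
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG, EXPECTED):
        status = "OK" if f["match"] else "MISMATCH"
        note = " (cached PMKSA reused)" if f["pmksa_cache_hit"] else ""
        print(f'{f["user"]}: upid={f["upid"]} vlan={f["vlan"]} expected={f["expected"]} {status}{note}')
```

On the sample, both joins are flagged as cache hits and only pdonoso is a mismatch (upid 10 applied, 20 expected). A re-test after clearing the cache should show no "PMKID found from PMKSA cache" line before the join.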

Rodrigo

I performed the test and it did not work. I did this lab with NPS and it runs smoothly.