======WIRELESS CLIENT GRANTED ACCESS TO (IAS) RADIUS SERVER====== --------------------------- Wireless Client Granted Access to (IAS) Radius Server, BUT is unable to get an address from DHCP server Experienced this with one of my customers and Earl asked me to tell the customer to do the following in his Radius Remote Access Policies //Note: THIS ONLY APPLIES TO IAS ONLY// {{ :3com:wireless:controller:configuration:dsgn_38.jpg?nolink&400 |}} **1.-** If customer is using IAS (Internet Authentication Service) Radius Server with Windows 2003 //Most likely the customer has a created policy, but if you like you can right click and create a New Remote Access Policy. Make note that there is an existing WX1200-Policy ( that will be used as our example)// {{ :3com:wireless:controller:configuration:dsgn_39.jpg?nolink&400 |}} **2.-** Right click existing policy and select **Properties** {{ :3com:wireless:controller:configuration:dsgn_40.jpg?nolink&400 |}} **3.-** Customer may have existing policy conditions make sure that customer has specified conditions to match: **Client-IP-Address** must match the Wireless Lan Controller (WX1200 or Wx4400) //Note: Make sure that this condition is on the top of the policy conditions list// {{ :3com:wireless:controller:configuration:dsgn_41.jpg?nolink&400 |}} **4.-** We are now going to edit the profile associated to the policy condition, click Edit Profile * Edit dial-in profile will pop up and click the **Advanced** tab - * Click on **Add** and follow to step 5 {{ :3com:wireless:controller:configuration:dsgn_42.jpg?nolink&400 |}} **5.-** We are now going to add a new attribute Vendor-Specific and click **Add** * Follow to Step 6 {{ :3com:wireless:controller:configuration:dsgn_43.jpg?nolink&400 |}} **6.-** Click **Add** button and then the //Vendor-Specific Attribute Information// windows will pop * Select //Enter Vendor Code// and type //14525// in the field * Select //Yes. It Conforms// * Click the //Configure attribute// button and follow to step 7 {(Configure VSA (RFC compliant)} will come up {{ :3com:wireless:controller:configuration:dsgn_44.jpg?nolink&400 |}} **7.-** In the //Vendor-assigned attribute// number field type : **1** * In the// Attribute Format// field type: **String** * In the //Attribute value// field type : **default** //NOTE: in the attribute value the customer **MUST** enter the "name of the default vlan he or she has setup"// * By default for 3com the name of the default vlan is default * Customer may have changed name of default vlan so make sure it is entered correctly //This field is CASE sensitive so match the default name letter for letter!// =====ALTERNATIVE===== If Radius Server fails to send vlan attribute or WX does not make it out, IETF Tunnel-Private-Group-ID attribute could be used instead. {{ :3com:wireless:controller:configuration:dsgn_45.png?nolink&400 |}} {{ :3com:wireless:controller:configuration:dsgn_46.png?nolink&400 |}} **Attribute value in** = String format **Attribute value** = , e.g. default --- //[[nce@itclatam.com|David Gonzalez]] 2021/03/31 11:43//