
CONFIGURE NETWORK ACCESS MANAGER TO INCLUDE A TUNNEL TAG IN A VLAN ASSIGNMENT

Problem:

  • How do I configure Network Access Manager to include a tunnel tag in a VLAN assignment?
  • Missing RADIUS tunnel tag

Fact:

  • Network Access Manager
  • Network Director v2.0
  • EMS
  • Network Access Manager 1.2
  • 3C15510
  • NAM
  • NAM Version 1.2
  • RADIUS
  • Tunnel tag
  • VLAN
  • Authorisation Type
  • 3ComNAMIAS-Configuration.ini
  • Cisco

Cause: The pre-defined authorisation types in 3Com Network Access Manager V1.2, which control the RADIUS authorisation response, do not include the optional tunnel tag value in the RADIUS tunnelling attributes used to assign a VLAN as part of that response. This behaviour is consistent with IETF RFC 2868, “RADIUS Attributes for Tunnel Protocol Support”, which says that the tunnel tag should only be used when multiple sets of tunnelling attributes are supplied.

However, some third-party devices require the tunnel tag to always be included in the RADIUS authorisation response. To configure 3Com Network Access Manager to support these devices, create a user-defined Authorisation Type that includes the tunnel tag value required by the switch in the tunnel attributes. Review the third-party device documentation to determine the actual value to be included in the tunnel tag. An IAS Remote Access Policy that specifies the user-defined Authorisation Type must then be created for these devices.

Fix: The user-defined Authorisation Type is configured by modifying the ‘3ComNAMIAS-Configuration.ini’ file, which is located in the product installation directory (e.g. “C:\Program Files\3Com\Network Access Manager”). The file contains information on the format of its contents, which should be read before any changes are made. The file can be edited using the Microsoft Notepad program.

The following example will include the tunnel tag with a value of 1 (i.e. the first octet in the attribute value):

# Authorization Type to include a tunnel tag with value 1 with the
# tunnelling attributes used for the VLAN assignment.

auth_type 100
{
#   Tunnel-Type is tag=1, data=VLAN
    assign_vlan   replace Tunnel-Type              0x0100000D

#   Tunnel-Medium-Type is tag=1, data=IEEE-802
    assign_vlan   replace Tunnel-Medium-Type       0x01000006

#   Tunnel-Private-Group-Id is tag=1, data=VLAN Id selected by the rule
    assign_vlan   replace Tunnel-Private-Group-Id  "\01%vi"

    assign_policy replace Filter-Id                %pi
}

After modifying the configuration file, restart the IAS service so that the NAM authorisation plug-in recognises the new authorisation type. To verify that the NAM authorisation plug-in successfully read the modified configuration file, check for errors in the “3Com Network Access Manager” event log using the Microsoft Event Viewer tool.
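The byte layout behind the values in auth_type 100 can be checked with the following Python sketch, which is an added example and not part of the 3Com product or its documentation. It encodes and decodes the three tunnelling attributes with and without a tag and reports which attributes in a reply lack the tag a device requires; the function names and the VLAN ID 20 are constructed for illustration, and the 0x01-0x1F tag range is taken from RFC 2868.

```python
import struct

# RADIUS attribute numbers (RFC 2868) and the values used for VLAN assignment.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6  # 0x0D and 0x06 in the auth_type 100 example

def encode_int_attr(tag, value):
    """Tunnel-Type / Tunnel-Medium-Type: one tag octet, then a 3-octet value."""
    if not (0 <= tag <= 0x1F and 0 <= value <= 0xFFFFFF):
        raise ValueError("tag must be 0x00-0x1F and value must fit in 3 octets")
    return struct.pack("!I", (tag << 24) | value)

def encode_str_attr(tag, text):
    """Tunnel-Private-Group-Id: optional tag octet (0 = omit), then the string."""
    if not 0 <= tag <= 0x1F:
        raise ValueError("tag must be 0x00-0x1F")
    return (bytes([tag]) if tag else b"") + text.encode("ascii")

def decode_attr(attr_type, data):
    """Return (tag, value); tag is None when the attribute carries no tag."""
    if attr_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
        if len(data) != 4:
            raise ValueError("integer tunnel attributes are exactly 4 octets")
        (word,) = struct.unpack("!I", data)
        return (word >> 24) or None, word & 0xFFFFFF
    # String attribute: a first octet of 0x01-0x1F is a tag, anything else is data.
    if data and 0x01 <= data[0] <= 0x1F:
        return data[0], data[1:].decode("ascii")
    return None, data.decode("ascii")

def attrs_missing_tag(reply, required_tag):
    """List the attribute numbers in a reply that do not carry required_tag."""
    return [t for t, raw in reply if decode_attr(t, raw)[0] != required_tag]

# Constructed sample replies for VLAN 20: tagged as in auth_type 100, and untagged.
TAGGED = [(TUNNEL_TYPE, encode_int_attr(1, VLAN)),
          (TUNNEL_MEDIUM_TYPE, encode_int_attr(1, IEEE_802)),
          (TUNNEL_PRIVATE_GROUP_ID, encode_str_attr(1, "20"))]
UNTAGGED = [(TUNNEL_TYPE, encode_int_attr(0, VLAN)),
            (TUNNEL_MEDIUM_TYPE, encode_int_attr(0, IEEE_802)),
            (TUNNEL_PRIVATE_GROUP_ID, encode_str_attr(0, "20"))]

if __name__ == "__main__":
    for name, reply in (("tagged", TAGGED), ("untagged", UNTAGGED)):
        print(name, [(t, raw.hex()) for t, raw in reply],
              "missing tag 1:", attrs_missing_tag(reply, 1))
```

The same decoding can be applied to attribute values copied from a packet capture of the Access-Accept to confirm that the new authorisation type is the one being returned.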


David Gonzalez 2021/04/15 11:03

3com/network_access_manager/configuration/configure_network_access_manager_to_include_a_tunnel_tag_in_a_vlan_assignment.txt · Last modified: 2021/04/15 11:07 by dgonzalez
