ITC/3AV WIKI

User Tools

Site Tools

Trace: wireless_client_granted_access_to_ias_radius_server
3com:switch:controller:configuration:wxm:wireless_client_granted_access_to_ias_radius_server

WIRELESS CLIENT GRANTED ACCESS TO (IAS) RADIUS SERVER

Wireless Client Granted Access to (IAS) Radius Server, BUT is unable to get an address from DHCP server

Experienced this with one of my customers and Earl asked me to tell the customer to do the following in his Radius Remote Access Policies

Note: THIS ONLY APPLIES TO IAS ONLY

1.- If customer is using IAS (Internet Authentication Service) Radius Server with Windows 2003

Most likely the customer has a created policy, but if you like you can right click and create a New Remote Access Policy. Make note that there is an existing WX1200-Policy ( that will be used as our example)

2.- Right click existing policy and select Properties

3.- Customer may have existing policy conditions make sure that customer has specified conditions to match:

Client-IP-Address must match the Wireless Lan Controller (WX1200 or Wx4400)

Note: Make sure that this condition is on the top of the policy conditions list

4.- We are now going to edit the profile associated to the policy condition, click Edit Profile

  • Edit dial-in profile will pop up and click the Advanced tab -
  • Click on Add and follow to step 5

5.- We are now going to add a new attribute Vendor-Specific and click Add

  • Follow to Step 6

6.- Click Add button and then the Vendor-Specific Attribute Information windows will pop

  • Select Enter Vendor Code and type 14525 in the field
  • Select Yes. It Conforms
  • Click the Configure attribute button and follow to step 7 {(Configure VSA (RFC compliant)} will come up

7.- In the Vendor-assigned attribute number field type : 1

  • In the Attribute Format field type: String
  • In the Attribute value field type : default

NOTE: in the attribute value the customer MUST enter the “name of the default vlan he or she has setup”

  • By default for 3com the name of the default vlan is default
  • Customer may have changed name of default vlan so make sure it is entered correctly

This field is CASE sensitive so match the default name letter for letter!

ALTERNATIVE

If Radius Server fails to send vlan attribute or WX does not make it out, IETF Tunnel-Private-Group-ID attribute could be used instead.

Attribute value in = String format

Attribute value = <vlan-name> , e.g. default

David Gonzalez 2021/03/31 11:43

3com/switch/controller/configuration/wxm/wireless_client_granted_access_to_ias_radius_server.txt · Last modified: 2021/04/03 12:29 by dgonzalez
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki