
TekRADIUS Forum




Check VLAN

General issues
22.07.2010 21:35:19

cjolly
Posts: 7
Ok so hate to bother you again but just about got what I need to do. One last thing I am trying to do is keep users separated.

I have two VLANs that are in different parts of the building.

VLAN 1 in the east (SSID: East)
and
VLAN 2 in the west (SSID: West)

I would like to be able to prevent somebody in the west on VLAN 2 from going to the east in VLAN 1 and logging in. I have tried using the Connect-Info which I configured in my access manager to pass the VLAN but can't seem to get it to work.

So in other words I have user john who is in the east and I do not want him to go to the west and join VLAN 2 and be able to login. Only want john to be allowed to login if he is on VLAN 1.

Thanks tons for your quick responses so far. Got things working great just trying to get rid of some extra boxes.

Chris Jolly
22.07.2010 22:35:32

Admin
Administrator
Posts: 1684
Hi,

Is it possible for you to send me sample RADIUS access-request packets from both VLANs?

Best regards,
Yasin KAPLAN
22.07.2010 23:36:15

cjolly
Posts: 7
admin wrote:
Hi,

Is it possible for you to send me sample RADIUS access-request packets from both VLANs?

Best regards,
Yasin KAPLAN


Can I get that from the log you think or database?
23.07.2010 10:16:03

Admin
Administrator
Posts: 1684
You can have them from the TekRADIUS log (accessible through the File menu).
23.07.2010 17:08:35

cjolly
Posts: 7
admin wrote:
You can have them from the TekRADIUS log (accessible through the File menu).


RadAuth req. from : XXX.XXX.XXX.4:3951 - 7/23/2010 8:21:19 AM
Size : 78 / 78
Identifier : 165
Attributes :
NAS-IP-Address = XXX.XXX.XXX.4
User-Name = cjolly
NAS-Identifier = Cisco
7/23/2010 8:21:19 AM - CHAP authentication commencing (Group : Default).
7/23/2010 8:21:19 AM - CHAP authentication successful (Group : Default).
7/23/2010 8:21:19 AM - Check items control - Start (Group : Default).
7/23/2010 8:21:19 AM - Check items control - Stop (Group : Default).
7/23/2010 8:21:19 AM - Authentication successfull for user 'cjolly'
7/23/2010 8:21:19 AM - Fetching Success-Reply items - Start.
7/23/2010 8:21:19 AM - Fetching Success-Reply items - Stop.
RadAcct req. from : XXX.XXX.XXX.4:3952 - 7/23/2010 8:22:43 AM
Size : 116 / 116
Identifier : 245
Attributes :
Framed-IP-Address = 172.20.4.145
Acct-Status-Type = Start
NAS-Port-Type = Ethernet
Acct-Authentic = RADIUS
Login-IP-Host = XXX.XXX.XXX.5
User-Name = cjolly
Acct-Session-Id = 172.20.4.145_TQ7QRMAYYSXBZT3M
Connect-Info = 82
NAS-Identifier = Cisco CAM
Event-Timestamp = 1279891382
NAS-IP-Address = XXX.XXX.XXX.4
--------------------------------------------------------------------------
RadAuth req. from : XXX.XXX.XXX.4:3954 - 7/23/2010 8:28:50 AM
Size : 84 / 84
Identifier : 229
Attributes :
Framed-IP-Address = 172.20.1.209
NAS-IP-Address = XXX.XXX.XXX.4
User-Name = cjolly
NAS-Identifier = Cisco
7/23/2010 8:28:50 AM - CHAP authentication commencing (Group : Default).
7/23/2010 8:28:50 AM - CHAP authentication successful (Group : Default).
7/23/2010 8:28:50 AM - Check items control - Start (Group : Default).
7/23/2010 8:28:50 AM - Check items control - Stop (Group : Default).
7/23/2010 8:28:50 AM - Authentication successfull for user 'cjolly'
7/23/2010 8:28:50 AM - Fetching Success-Reply items - Start.
7/23/2010 8:28:50 AM - Fetching Success-Reply items - Stop.
RadAcct req. from : XXX.XXX.XXX.4:3955 - 7/23/2010 8:28:50 AM
Size : 116 / 116
Identifier : 17
Attributes :
Framed-IP-Address = 172.20.1.209
Acct-Status-Type = Start
NAS-Port-Type = Ethernet
Acct-Authentic = RADIUS
Login-IP-Host = XXX.XXX.XXX.5
User-Name = cjolly
Acct-Session-Id = 172.20.1.209_KE1HPX3ZU2JQUM21
Connect-Info = 81
NAS-Identifier = Cisco CAM
Event-Timestamp = 1279891748
NAS-IP-Address = XXX.XXX.XXX.4
23.07.2010 17:44:42

Admin
Administrator
Posts: 1684
As far as I see, Cisco CAM does not send an attribute which contains VLAN information in Access-Request packets.
You cannot distinguish the user's VLAN in this case.
23.07.2010 18:30:23

cjolly
Posts: 7
admin wrote:
As far as I see, Cisco CAM does not send an attribute which contains VLAN information in Access-Request packets.
You cannot distinguish the user's VLAN in this case.


Yes, that's kind of what I was thinking. Does not look like it's passed before authentication. Thanks for looking, just needed a second opinion.
23.07.2010 18:57:16

Admin
Administrator
Posts: 1684
You're welcome
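The log posted in this thread carries Connect-Info only in the accounting requests (RadAcct), never in the Access-Requests (RadAuth), so it arrives too late to be used as a check item. The Python below is an added example, not part of the original posts or of TekRADIUS; it parses a log in that layout and reports whether an attribute is present at authentication time. The function names and the sample log are constructed for illustration.

```python
import re

# Constructed sample in the layout of the TekRADIUS log excerpt above, abbreviated;
# addresses are documentation placeholders, not values from the thread.
SAMPLE_LOG = """\
RadAuth req. from : 192.0.2.4:3951 - 7/23/2010 8:21:19 AM
Size : 78 / 78
Attributes :
NAS-IP-Address = 192.0.2.4
User-Name = cjolly
NAS-Identifier = Cisco
7/23/2010 8:21:19 AM - CHAP authentication commencing (Group : Default).
RadAcct req. from : 192.0.2.4:3952 - 7/23/2010 8:22:43 AM
Size : 116 / 116
Attributes :
User-Name = cjolly
Connect-Info = 82
NAS-Identifier = Cisco CAM
"""

HEADER = re.compile(r"^(RadAuth|RadAcct) req\. from : ")
ATTR = re.compile(r"^([A-Za-z][A-Za-z0-9-]*) = (.*)$")

def parse_requests(log_text):
    """Split the log into requests; return [(kind, {attribute: value}), ...]."""
    requests, in_attrs = [], False
    for line in log_text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            requests.append((header.group(1), {}))
            in_attrs = False
        elif line == "Attributes :":
            in_attrs = bool(requests)
        elif in_attrs:
            attr = ATTR.match(line)
            in_attrs = bool(attr)  # status lines or a separator end the list
            if attr:
                requests[-1][1][attr.group(1)] = attr.group(2)
    return requests

def usable_as_check_item(name, requests):
    """True only if every Access-Request (RadAuth) seen carried the attribute."""
    auth = [attrs for kind, attrs in requests if kind == "RadAuth"]
    return bool(auth) and all(name in attrs for attrs in auth)

def seen_in(name, requests):
    """Request kinds in which the attribute appeared at least once."""
    return sorted({kind for kind, attrs in requests if name in attrs})
```

Running `usable_as_check_item("Connect-Info", parse_requests(log_text))` against a log export before writing a location rule shows whether the NAS supplies that attribute in time for the server to enforce it.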

