Discussion:
HWC about radius attribute question
Morgan.wang
2013-04-17 13:57:26 UTC
Now I need to do MAC authentication with freeradius, and have freeradius send the Tunnel attribute (VLAN ID) back to the HWC and send different end users to different VLANs.
How do I do it?
Patrick Printz
2013-04-17 14:19:45 UTC
Morgan,

Make sure the vlans are egressing the port the HWC is patched into. Depending on your config, the VLAN may also need to be egressing the AP port as well, I believe. Testing to make sure the wireless piece works without requiring authentication, to ensure the plumbing works right, may save you some unnecessary headaches.

The account needs to be set up for whatever your radius checks against, similar to a user account, unless you have freeradius set up to have a static list of MACs. We use MS Radius, not freeradius, so I am not sure how well all of this translates. For the Filter-Id, we send back: Enterasys:version=1:policy=<policy name> and that policy needs to correspond to a policy on the HWC.

Are you also trying to figure out how to set up the VNS on the HWC as well?


Patrick Printz
Network Infrastructure

Quinsigamond Community College
670 West Boylston Street
Worcester, MA 01606-2092
w. 508-854-7517
c. 508-726-9529


"If a man is called a street sweeper, he should sweep streets even as Michelangelo painted, or Beethoven composed music, or Shakespeare wrote poetry.  He should sweep streets so well that all the hosts of heaven and Earth will pause to say, Here lived a great street sweeper who did his job well."
~Martin Luther King, Jr.


Yury Ostrovsky
2013-04-17 14:22:59 UTC
Hi Morgan,
We do support multiple attributes to accomplish your task.
The easiest way would be to configure the Filter-ID attribute, which will match
the Policy name configured on the HWC (has to be the exact name). The Policy can be
tied to a VLAN (topology).
The other method would be to configure the Login-LAT-Group attribute, which will send
the VLAN ID.

Bentley Randy E
2013-04-17 19:28:10 UTC
I have set this up to use Microsoft NPS server and authenticate clients
against a back end 2008 R2 Active Directory.
In my case I have to create the AD accounts with the mac address as the
UserID and Password. You have to enter the userid and password in the
same format that your HWC is going to send it to the radius server though.
You can see what that is under "VNS Configuration" -> "Global" ->
"Authentication". That is also where you set up your radius servers.
I have a VNS set up to do that just for gaming consoles, internet capable
TVs, and internet capable set-top boxes for our students that live on
campus. It is really just a way to make them all register their devices,
not very secure because a lot of people know how to spoof a mac address,
but it is better than nothing.
I have the MS NPS policy set to respond with a "Filter-ID" of a valid
policy name for that VNS. I then set up the filters on the policy to give
them access to what I want them to have access to.
But the request has to come to the NPS with the right "NAS Identifier" set
on it as well so you can differentiate between other VNSs you might be
authenticating from the same radius server. You can set that under "VNS
Configuration" -> "WLAN Services" -> the "Auth & Acct" tab -> select your
radius server from that list and then click the "Configure" button.

Good luck.
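An added example, not written by any poster in this thread: the MAC-as-UserID-and-Password scheme and the Filter-Id string described above, rendered as FreeRADIUS `users` file entries. The MAC addresses, the format names (`plain`, `colon`, `dash`) and the function names are assumptions; the format to pick is whatever the HWC shows under "VNS Configuration" -> "Global" -> "Authentication".

```python
import re

# Constructed sample data: MACs are made up; policy names are the ones
# listed later in the thread. Names must match the HWC policies exactly.
HWC_POLICIES = {"policy30", "policy40", "policy50"}
INVENTORY = [("00-11-22-AA-BB-CC", "policy30"), ("0011.22aa.bbdd", "policy40")]

SEPARATORS = {"plain": "", "colon": ":", "dash": "-"}  # assumed format names

def normalize_mac(mac, fmt="plain", upper=False):
    """Rewrite a MAC in the one format the controller sends as User-Name."""
    digits = re.sub(r"[-:.\s]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    digits = digits.upper() if upper else digits.lower()
    return SEPARATORS[fmt].join(digits[i:i + 2] for i in range(0, 12, 2))

def filter_id(policy, known=HWC_POLICIES):
    """Build the Filter-Id reply string quoted in the thread."""
    if policy not in known:  # exact, case-sensitive match
        raise ValueError(f"no such policy on the controller: {policy!r}")
    if re.search(r'["\\\r\n]', policy):
        raise ValueError("policy name would break users-file quoting")
    return f"Enterasys:version=1:policy={policy}"

def users_entries(inventory, fmt="plain", upper=False):
    """Render FreeRADIUS users-file entries: MAC as user name and password."""
    seen, out = set(), []
    for mac, policy in inventory:
        user = normalize_mac(mac, fmt, upper)
        if user in seen:
            raise ValueError(f"duplicate MAC: {user}")
        seen.add(user)
        out.append(f'{user} Cleartext-Password := "{user}"')
        out.append(f'\tFilter-Id = "{filter_id(policy)}"')
        out.append("")
    return "\n".join(out)

if __name__ == "__main__":
    print(users_entries(INVENTORY))
```

A policy name that differs only in case, or a MAC listed twice in different notations, is rejected before anything is written to the file.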
Morgan.wang
2013-04-18 03:09:30 UTC
I have done the task on freeradius, but I have some questions about configuring the HWC. My configuration steps are as follows:
1. Set up 3 topologies: vlan30, vlan40 and vlan50, all working in bridge HWC mode
2. Set up 3 policies: policy30, policy40 and policy50, assigned to vlan30/40/50
3. Set up 1 WLAN service: wifi_user, with MAC authentication enabled
4. The key is setting up the virtual network: the authenticated policy. Which should I select? The policy should match the Filter-ID attribute from radius. But in fact I must select one of the 3 policies, and the selected policy will take effect, ignoring the policy matched by the Filter-ID attribute from radius.