Bug #8568

closed

FreeRADIUS - Tunnel-Private-Group-ID or VLAN-ID field no longer taking string value. It only takes an integer.

Added by Vu Pham almost 8 years ago. Updated almost 8 years ago.

Status: Resolved
Priority: Low
Assignee:
Category: FreeRADIUS
Target version: -
Start date: 06/12/2018
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture: All

Description

On pfSense 2.3-RELEASE, it took a string value such as U:10 or U:Data-vlan, and T:20 or T:Voice-vlan for untagged and tagged VLAN respectively.

Here is the description of this field on pfSense:
Enter the VLAN ID (integer from 1-4095) or the VLAN name that this username should be assigned to.
Must be supported by the NAS.
This setting can be used for a NAS that supports the following RADIUS parameters:

Tunnel-Type = VLAN
Tunnel-Medium-Type = IEEE-802
Tunnel-Private-Group-ID = "THIS IS YOUR INPUT"

However, on the latest pfSense, when we enter U:10 or U:Data-vlan or T:Voice-vlan, we get this error:

"The following input errors were detected:

The 'VLAN ID' field must contain an integer value."

Also, here is what is documented in RFC3580: https://tools.ietf.org/html/rfc3585
"For use in VLAN assignment, the following tunnel attributes are used:

Tunnel-Type=VLAN (13)
Tunnel-Medium-Type=802
Tunnel-Private-Group-ID=VLANID
Note that the VLANID is 12-bits, taking a value between 1 and 4094,
inclusive. Since the Tunnel-Private-Group-ID is of type String as
defined in [RFC2868], for use with IEEE 802.1X, the VLANID integer
value is encoded as a string."

In addition, standalone FreeRADIUS, older pfSense 2.3, as well as other vendors work with a string value.

I believe this is just a software bug in the pfSense GUI, which is unable to take a string value.

Actions #1

Updated by Jim Pingle almost 8 years ago

  • Category set to FreeRADIUS
  • Status changed from New to Resolved
  • Assignee set to Jim Pingle
  • Priority changed from Very High to Low
  • % Done changed from 0 to 100
  • Affected Architecture All added
  • Affected Architecture deleted ()

I removed the VLAN ID input validation that was preventing your custom value from being saved. It was, as you pointed out, validating it as an integer when there are many other potentially valid values.

It should be fixed in 0.15.5_2, which will show up shortly (if it's not up already).

Actions #2

Updated by Vu Pham almost 8 years ago

Thank you Jim. I verified in my lab and it's working great now! Really appreciate the quick turnaround.

Thanks,

Vu
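
Added example, not code from the pfSense FreeRADIUS package or from either commenter: one way a GUI could accept the string forms from this report (10, U:10, T:Voice-vlan) while still refusing input that would break the quoted `Tunnel-Private-Group-ID = "..."` reply line. The function names, the `U`/`T` prefix list and the 252-octet limit are assumptions; the 1-4094 range is the RFC text quoted in the description.

```python
import re

# Characters that would terminate or alter the quoted string in a reply line
# such as:  Tunnel-Private-Group-ID = "<value>"
UNSAFE = re.compile(r'["\\\x00-\x1f\x7f]')
MAX_OCTETS = 252  # assumption: 253-octet RADIUS value minus the tag octet
PREFIXES = ("U", "T")  # assumption: only the prefixes quoted in the report


def check_vlan_value(value):
    """Return (prefix, kind, body) for an acceptable value, else raise ValueError."""
    if not value or len(value.encode("utf-8")) > MAX_OCTETS:
        raise ValueError("value is empty or too long")
    if UNSAFE.search(value):
        raise ValueError("value contains a quote, backslash or control character")
    head, sep, rest = value.partition(":")
    prefix, body = (head, rest) if sep and head in PREFIXES else (None, value)
    if not body.strip():
        raise ValueError("no VLAN ID or name given")
    if body.isascii() and body.isdigit():
        # RFC text quoted in the report: 12-bit VLANID, 1 to 4094 inclusive,
        # carried as a string.
        if not 1 <= int(body) <= 4094:
            raise ValueError("numeric VLAN ID outside 1-4094")
        return (prefix, "id", body)
    return (prefix, "name", body)


def is_valid_vlan_value(value):
    """Boolean wrapper for form validation."""
    try:
        check_vlan_value(value)
    except ValueError:
        return False
    return True


def reply_line(value):
    """Render the reply attribute only after the value has passed the check."""
    check_vlan_value(value)
    return 'Tunnel-Private-Group-ID = "%s"' % value


if __name__ == "__main__":
    # Constructed sample inputs: the forms from the report plus rejected ones.
    for sample in ["10", "U:10", "T:Voice-vlan", "U:Data-vlan", "4095", 'a"b', "U:"]:
        print(repr(sample), is_valid_vlan_value(sample))
```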
