Project

General

Profile

Actions
Copy link

Bug #8568

closed

FreeRadius- Tunnel-Private-Group-ID or VLAN-ID field no longer taking string value. It only take an integer.

Added by Vu Pham almost 8 years ago. Updated almost 8 years ago.

Status:
Resolved
Priority:
Low
Assignee:
Jim Pingle
Category:
FreeRADIUS
Target version:
-
Start date:
06/12/2018
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:
All

Description

on Pfsense 2.3-RELEASE, it took a string value such as U:10 or U:Data-vlan, and T:20 or T:Voice-vlan for untagged and tagged vlan respectively:

Here is the description of this field on pfsense:
Enter the VLAN ID (integer from 1-4095) or the VLAN name that this username should be assigned to.
Must be supported by the NAS.
This setting can be used for a NAS that supports the following RADIUS parameters:

Tunnel-Type = VLAN
Tunnel-Medium-Type = IEEE-802
Tunnel-Private-Group-ID = "THIS IS YOUR INPUT"

However on the latest Pfsense, when entered U:10 or U:Data-vlan or T:Voice-vlan, we'll get this Error:

"The following input errors were detected:

The 'VLAN ID' field must contain an integer value."

Also here is what documented on RFC3580: https://tools.ietf.org/html/rfc3585
"or use in VLAN assignment, the following tunnel attributes are used:

Tunnel-Type=VLAN (13)
   Tunnel-Medium-Type=802
   Tunnel-Private-Group-ID=VLANID
Note that the VLANID is 12-bits, taking a value between 1 and 4094,
   inclusive.  Since the Tunnel-Private-Group-ID is of type String as
   defined in [RFC2868], for use with IEEE 802.1X, the VLANID integer
   value is encoded as a string."

In addition, standalone free-radius, older pfsense 2.3, as well as other vendors work with string value.

Believe this is just a software bug on the Pfsense GUI, that unable to take a string value.

Actions
Copy link

Also available in: Atom PDF