Why Vlan is not assigned correctly when operator type is set as "equals" in Tunnel-Private-Group-Id?

By esupport posted Feb 20, 2017 03:19 PM

  
Q:

Why Vlan is not assigned correctly when operator type is set as "equals" in Tunnel-Private-Group-Id in CPPM server?



A:

The cause of this issue is if radius server is CPPM, it will return tag and Tunnel-Private-Group-Id value which is causing it.

it doesn't match derivation rules when operator type is set to "equals".
 
CPPM return result from captures:
 
AVP: l=7  t=Tunnel-Private-Group-Id(81) Tag=0x01: v200
    Tag: 0x01
    Tunnel-Private-Group-Id: v200
 
Free-radius and win2008 radius server return results:


AVP: l=6  t=Tunnel-Private-Group-Id(81): v200
    Tunnel-Private-Group-Id: v200      
 
The work around is to tweak the tag value to zero.  Below is the steps to tweak the value. 
 
Enable the Avenda dictionary in Admin -> Radius -> Dictionary -> Avenada -> Enable.
then in the enforcement policy, also add RADIUS:Avenda:Avenda-tag-Id => 0 which will set the tag value to 0x00 and then AOS/IAP should be able to parse out the integer correctly.
 

 

 

0 comments
0 views