I recently received a SF302-08 to configure and I have to say quite an improvement over the SRW208 I had earlier. One thing bugs me though, with authentication requests it does not send the Service-Request parameter. On our Catalyst switches I have been experimenting with adding vsa keys to the requests and replies but on the SF302-08 I cannot find that feature yet. Can anyone tell me if it is at all possible to add custom or cisco proprietary vsa keys to an authentication request?
Thanks in advance,
Based on the admin guide of the 300 series switches the vsa keys are not supported on the switch.
I'm not sure if that will be a future supported feature for the device at the moment.
That would be a pity, but maybe you can help me a supported vsa set to work properly. I am Radius VLAN assignment and am unable to get it to work properly.
I am sending the attributes as described but it fails on the Tunnel-Private-Group-ID.
For the Dynamic VLAN Assignment feature to work, the switch requires the following VLAN attributes to be sent by the RADIUS server (as defined in RFC 3580):
 Tunnel-Type = VLAN (type 13)
 Tunnel-Medium-Type = 802 (type 6)
 Tunnel-Private-Group-Id = VLAN ID
VLAN 7 (Guest) is the VLAN that the port should be assigned to, but for the different ways of sending the data I get these results.
Mar 2 12:53:53 10.1.1.181 %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:22:15:8e:a4:ac was rejected on port e1 because Radius accept message does not contain VLAN ID
Mar 2 12:57:36 10.1.1.181 %AAAEAP-W-RADIUSREPLY: Invalid attribute 81 ignored - wrong length
Mar 2 13:04:00 10.1.1.181 %AAAEAP-W-RADIUSREPLY: Invalid attribute 81 ignored - cannot decode VLANID
I was able to talk to some of the design team and the VSA key they suggest to use is
The VSA keys needs to be configured in the users file on the Radius server as follows:
cisco-avpair = "shell:priv-lvl=15"
Let me know if this helps.
CCNA, CCNA - Security
Sorry for the late reply and thank you for the suggestion. Unfortunately it did not help, in a way it would have surprised me if it had but you never know.