Header Only - DO NOT REMOVE - Extreme Networks

D/C/B-Series Authentication with VLAN-Tunnel-based VLAN ID Fails: "TunnelPrivateGroupId0 length is greater than 4!"


Userlevel 3
Article ID: 16031

Products
D-Series, firmware 6.03.09.0005 through 6.03.11.0004
C5-Series, firmware 6.42.01.0046 through 6.61.07.0010
C3-Series, firmware 6.42.01.0046 through 6.61.07.0010
B5-Series, firmware 6.42.01.0046 through 6.61.07.0010
B3-Series, firmware 6.42.01.0046 through 6.61.07.0010

Changes
Configured authentication to use the vlan-tunnel attributes in the RADIUS reply to assign a VLAN to the authenticating user.
That is, using '
code:
set policy maptable response tunnel
' or '
code:
set policy maptable response both
'.

Symptoms
Upon authentication, the VLAN assignment does not take place.
The error log contains message "
code:
TunnelPrivateGroupId0 length is greater than 4!
"

Cause
The server is inappropriately padding the VLAN ID with a NULL character, which for VLAN values greater than 999 will cause the length of the ID to exceed the defined spec maximum.

Solution
For the D-Series, upgrade to firmware 6.03.12.0006 or higher.
For the C5, C3, B5, or B3-Series, upgrade to firmware 6.61.08.0004 or higher.

0 replies

Be the first to reply!

Reply