Require NAS dependent radius return attributes

Require NAS dependent radius return attributes

B Thompson
Hi

I have a problem which I want to find out if I can solve using
FreeRADIUS.

I am setting up an 802.1x based network where I want to use RADIUS
assigned VLANs. I have successfully tested this with Cisco wireless
access points and FreeRADIUS 1.0.1 using a users file like this :-

>>>snip>>>

test3999        NT-Password := "35C8397B2320E568467904861A2AF40F"
        Tunnel-Private-Group-ID:1 = 3999,
        Fall-Through = Yes

test4025       NT-Password := "35C8397B2320E568467904861A2AF40F"
        Tunnel-Private-Group-ID:1 = 4025,
        Fall-Through = Yes

DEFAULT
        Tunnel-Type:1 = VLAN,
        Tunnel-Medium-Type:1 = IEEE-802

>>>snip>>>

The trouble is I need to assign different VLANs to users depending on
which access point they connect from. What I would like to know is if it
is possible to use Huntgroups to look up the VLAN id based on something
like the IP address of the access point?

Example:
Let's say I have two access points called AP1 and AP2. If a user
connects to AP1, I want the RADIUS server to look up from somewhere what
is the correct VLAN to assign to people using AP1 and return the correct
attributes to suit. If the same user connects to AP2 I want the VLAN id
to be the correct one for AP2 which may be different to AP1.

Any advice would be appreciated,

Ben Thompson

 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Require NAS dependent radius return attributes

Nicolas Baradakis
Ben Thompson wrote:

> The trouble is I need to assign different VLANs to users depending on
> which access point they connect from. What I would like to know is if it
> is possible to use Huntgroups to look up the VLAN id based on something
> like the IP address of the access point?

You could test the variable "Client-IP-Address" in the users file.

testuser Client-IP-Address == 10.0.0.1, Password := "azerty"
        Tunnel-Private-Group-ID:1 := 1,
        Fall-Through = Yes

testuser Client-IP-Address == 10.0.0.2, Password := "azerty"
        Tunnel-Private-Group-ID:1 := 2,
        Fall-Through = Yes

--
Nicolas Baradakis
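
The same per-access-point lookup done with the huntgroups file the question asks about, as an added example that is not part of either message. The AP addresses, the huntgroup names ap1 and ap2, the VLAN numbers and the password placeholder are constructed, and it assumes the preprocess module is enabled so that the huntgroups file is read.

```conf
# ---- raddb/huntgroups (added example, constructed addresses) ----
# Each line names a group of NASes. NAS-IP-Address is the attribute the
# access point puts in its request; Client-IP-Address, used in the reply
# above, is the source address of the packet itself.
ap1     NAS-IP-Address == 10.0.0.1
ap2     NAS-IP-Address == 10.0.0.2

# ---- raddb/users (added example) ----
# One entry per user carries only the credential. Fall-Through lets
# processing continue to the DEFAULT entries below, so the VLAN is
# chosen per access point rather than per user.
test3999        NT-Password := "NT_HASH_PLACEHOLDER"
        Fall-Through = Yes

# VLAN for anyone authenticating through an AP in huntgroup ap1.
DEFAULT Huntgroup-Name == "ap1"
        Tunnel-Private-Group-ID:1 := 1,
        Fall-Through = Yes

# VLAN for anyone authenticating through an AP in huntgroup ap2.
DEFAULT Huntgroup-Name == "ap2"
        Tunnel-Private-Group-ID:1 := 2,
        Fall-Through = Yes

# Common tunnel attributes, as in the original users file.
DEFAULT
        Tunnel-Type:1 = VLAN,
        Tunnel-Medium-Type:1 = IEEE-802
```

A request from an access point that is in neither huntgroup matches only the last DEFAULT entry, so it receives the tunnel type attributes without a Tunnel-Private-Group-ID.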
