suggestions for multiple vlans in hundreds of switches

Matt Ashfield mda at unb.ca
Thu Apr 19 21:02:26 CEST 2007


I was afraid someone would say that! Haha

 

Matt

-----Original Message-----
From: Donny Jekels [mailto:djekels at gmail.com] 
Sent: April 19, 2007 10:57 AM
To: mda at unb.ca; FreeRadius users mailing list
Subject: Re: suggestions for multiple vlans in hundreds of switches

 

You could extend your LDAP schema and add a field for the VLAN a user should
belong to.
Then all you would need is to query that field and propagate the variable.
"Tunnel-Private-Group-Id=`%{private-vlan}`"




On 4/19/07, Matt Ashfield <mda at unb.ca> wrote:

Hi,

We'd like to use FR to assign users on our wired network to one of 30
different vlans on campus, based on an LDAP field. Currently, we are doing
this with huntgroups. Namely, we create a huntgroup for the NAS (in our 
case, a network switch), and then in the users file, we put the following:

DEFAULT Huntgroup-Name == mySWITCH1, Ldap-Group == staff
       User-Name=`%{User-Name}`,
       Tunnel-Private-Group-Id=176,
       Tunnel-Type=VLAN,
       Fall-Through = no

DEFAULT Huntgroup-Name == mySWITCH1, Ldap-Group == student
       User-Name=`%{User-Name}`,
       Tunnel-Private-Group-Id=177,
       Tunnel-Type=VLAN, 
       Fall-Through = no
And so on... for other groups of users like faculty, admin, etc.

This seems to work. The issue is scale. I would conceivably have to
have a huntgroup definition in the huntgroups file for each NAS. And if I 
wanted 30 VLANs, I'd have to have 30 definitions like the ones above in my
users file for EACH one of my NASes.

I'm sure there's a simpler way of doing things that I'm missing. Any advice 
is appreciated.

Thanks


Matt
mda at unb.ca
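
Added example (not part of the thread and not FreeRADIUS code): the per-user lookup suggested above, written in Python, with the checks a directory-supplied VLAN value should pass before it is sent to a switch. The field name "private-vlan" is taken from the reply and is a hypothetical schema attribute; the allowlist and the entry shape are assumptions.

```python
import re

# Hypothetical LDAP field holding the user's VLAN (name taken from the reply above).
LDAP_VLAN_FIELD = "private-vlan"

# Constructed allowlist: the only VLAN IDs this server is permitted to hand out.
ALLOWED_VLANS = frozenset({176, 177})

_VLAN_RE = re.compile(r"[0-9]{1,4}")


def vlan_reply(entry):
    """Return RADIUS reply attributes for one directory entry, or None to refuse.

    `entry` maps attribute names to lists of string values, the shape most
    LDAP client libraries return (assumption). One rule covers every NAS,
    so no per-switch huntgroup entry is needed.
    """
    values = entry.get(LDAP_VLAN_FIELD, [])
    if len(values) != 1:              # missing or multi-valued: do not guess
        return None
    raw = values[0].strip()
    if not _VLAN_RE.fullmatch(raw):   # ASCII digits only; rejects "", "-1", "176,1"
        return None
    vlan = int(raw)
    if not 1 <= vlan <= 4094:         # usable 802.1Q VLAN ID range
        return None
    if vlan not in ALLOWED_VLANS:     # a directory edit must not reach arbitrary VLANs
        return None
    return {
        "Tunnel-Type": "VLAN",               # RFC 3580, value 13
        "Tunnel-Medium-Type": "IEEE-802",    # RFC 3580, value 6
        "Tunnel-Private-Group-Id": str(vlan),
    }


if __name__ == "__main__":
    # Constructed sample entries.
    for e in ({"uid": ["staff1"], LDAP_VLAN_FIELD: ["176"]},
              {"uid": ["guest1"], LDAP_VLAN_FIELD: ["1"]},
              {"uid": ["nofield"]}):
        print(e["uid"][0], "->", vlan_reply(e))
```

A None result is meant to be treated by the caller as "no VLAN assignment", so a missing or unexpected directory value never places a port on an unintended VLAN.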


