suggestions for multiple vlans in hundreds of switches
A.L.M.Buxey at lboro.ac.uk
Thu Apr 19 21:17:14 CEST 2007
Hi,
> This seems to work. The issue is scale. I would conceivably have to
> have a huntgroup definition in the huntgroups file for each NAS. And if I
> wanted 30 vlans, I'd have to have 30 definitions like the ones above in my
> users file for EACH one of my NAS's.
that would depend on what scale this would have to go to. certainly
if each switch were to have different VLANs for each of the types of users
eg switch 1 vlan 200 for staff, vlan 201 for researchers
switch 2 vlan 300 for staff, vlan 301 for researchers
this would get very big very quickly.
however, if each switch only needs to feed the same VLAN depending
on the class of user - ie those 30 VLANs are the same on each switch,
then you can simply define a normal huntgroup for the switch eg in
$place/raddb/huntgroup
my-switches NAS-IP-Address == 231.123.241.123
my-switches NAS-IP-Address == 231.123.241.124
my-switches NAS-IP-Address == 231.123.241.125
my-switches NAS-IP-Address == 231.123.241.126
etc etc.
then, in your example, the entry looks like
DEFAULT Huntgroup-Name == my-switches, Ldap-Group == student
        User-Name = `%{User-Name}`,
        Tunnel-Private-Group-Id = 177,
        Tunnel-Type = VLAN,
        Fall-Through = no
(plus the others for each class of user)
a 'clear scale' way would otherwise be to have an SQL table which defines
each VLAN for each Ldap-group for each switch (or NAS) and use Perl
or python to extract that info and return the attributes based on
the request.
alan
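
The SQL-table approach from the last paragraph of the post, as an added example that is not part of the original message or of FreeRADIUS itself: a lookup keyed on switch and LDAP group that returns the VLAN reply attributes and returns nothing when no mapping exists. The vlan_map table, its columns, the function names and the sample rows are assumptions; the hook that would call this from the server is not shown.

```python
import sqlite3

# Constructed sample data: one row per (switch, LDAP group) pair, using the
# per-switch numbering from the post (200/201 on one switch, 300/301 on another).
SAMPLE_ROWS = [
    ("231.123.241.123", "staff", 200),
    ("231.123.241.123", "researchers", 201),
    ("231.123.241.124", "staff", 300),
    ("231.123.241.124", "researchers", 301),
]

def open_map(rows=SAMPLE_ROWS):
    """Build the hypothetical vlan_map table in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE vlan_map ("
        " nas_ip TEXT NOT NULL, ldap_group TEXT NOT NULL,"
        " vlan_id INTEGER NOT NULL CHECK (vlan_id BETWEEN 1 AND 4094),"
        " PRIMARY KEY (nas_ip, ldap_group))"
    )
    conn.executemany("INSERT INTO vlan_map VALUES (?, ?, ?)", rows)
    return conn

def reply_attributes(conn, nas_ip, ldap_group):
    """Return the VLAN reply attributes for this request, or None if unmapped."""
    # Bound parameters: both values originate from the request or the directory.
    row = conn.execute(
        "SELECT vlan_id FROM vlan_map WHERE nas_ip = ? AND ldap_group = ?",
        (nas_ip, ldap_group),
    ).fetchone()
    if row is None:
        return None  # no mapping: caller should reject rather than pick a VLAN
    return {
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",  # from RFC 3580, not in the post's entry
        "Tunnel-Private-Group-Id": str(row[0]),
    }

if __name__ == "__main__":
    conn = open_map()
    print(reply_attributes(conn, "231.123.241.124", "researchers"))
    print(reply_attributes(conn, "231.123.241.125", "staff"))
```

The primary key on (nas_ip, ldap_group) keeps one VLAN per switch and group, so adding a switch means adding rows rather than new users-file entries.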