suggestions for multiple vlans in hundreds of switches
Phil Mayers
p.mayers at imperial.ac.uk
Sat Apr 21 14:52:48 CEST 2007
Arran Cudbard-Bell wrote:
>>
>> This could also be done cleaner (but slower) with cleverly designed SQL
>> tables or stored procedures
>>
> Yeah, complex SQL really can be quite slow, especially when the queries
> are being run multiple times for all the rounds required in EAP
> authentication.
You've seen Alan's hint re: only running on the tunnel, so that helps there.
> I use a second instance of preprocess to read a second hints file called
> 'nas_hints'; this uses dynamic SQL queries to grab extra nas_attributes
> from the server.
That's a clever trick.

One of the main advantages of the rlm_passwd module is that it can add
items to the *request* as well as the config and reply items. It would
be extremely handy if the SQL module could do this too.

Specifically I can think of uses for 2-pass SQL queries where one would
want to use data returned from the 1st query in the 2nd. This is
basically impossible to do without using stored procedures at the moment.

Regarding your bitmask trick - maybe there's a use for bitwise
operators, e.g.:

# NAS-Features - integer bitfield
# 128 - router, admins only
# 64 - do vlan assignment
# 32 - do IP assignment

DEFAULT NAS-Features & 128, SQL-Group != "ADMINS", Auth-Type := Reject
	Reply-Message = "admins only"

DEFAULT NAS-Features & 64
	Tunnel-Private-Group-Id = `%{sql:select vlan('%{NAS-IP-Address}', '%{User-Name}')}`,
	Fall-Through = Yes

DEFAULT NAS-Features & 32, Pool-Name := "something"

...and so on
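
The decision order those three bitmask entries would produce, modelled in Python as an added example that is not part of the original post and is not FreeRADIUS code. The flag values come from the message; the function name, the sample addresses and users, the lookup table standing in for the SQL `vlan()` function, and the choice to skip the VLAN attribute when the lookup finds nothing are all assumptions.

```python
# Added illustration: models the proposed "NAS-Features & <bit>" entries.
# Flag values are from the message; all other names are hypothetical.
ROUTER_ADMINS_ONLY = 128
DO_VLAN = 64
DO_IP = 32

# Constructed stand-in for the SQL function vlan(nas_ip, user_name).
VLAN_TABLE = {("192.0.2.10", "alice"): "120", ("192.0.2.20", "bob"): "300"}


def evaluate(nas_features, nas_ip, user, groups):
    """Walk the three DEFAULT entries in file order: a matching entry
    ends processing unless it sets Fall-Through = Yes."""
    result = {"reject": False, "reply": {}, "config": {}}

    # Entry 1: router-class NAS and user not in ADMINS -> reject and stop.
    # No Fall-Through, so no VLAN or pool is ever handed out on this path.
    if nas_features & ROUTER_ADMINS_ONLY and "ADMINS" not in groups:
        result["reject"] = True
        result["reply"]["Reply-Message"] = "admins only"
        return result

    # Entry 2: VLAN assignment; Fall-Through = Yes, so evaluation continues.
    if nas_features & DO_VLAN:
        vlan = VLAN_TABLE.get((nas_ip, user))
        if vlan is not None:  # assumption: no attribute when lookup is empty
            result["reply"]["Tunnel-Private-Group-Id"] = vlan

    # Entry 3: IP assignment; Pool-Name is set as a config item (":=").
    if nas_features & DO_IP:
        result["config"]["Pool-Name"] = "something"
    return result


if __name__ == "__main__":
    # Constructed cases: same NAS (router + VLAN bits), different groups.
    print(evaluate(128 | 64, "192.0.2.10", "alice", {"STAFF"}))
    print(evaluate(128 | 64, "192.0.2.10", "alice", {"ADMINS"}))
    print(evaluate(64 | 32, "192.0.2.20", "bob", set()))
```

Because the admins-only entry comes first and does not fall through, a non-admin on a NAS with bit 128 set is rejected before any VLAN or pool attribute is added, whatever other bits are set.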