suggestions for multiple vlans in hundreds of switches

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Sat Apr 21 16:27:04 CEST 2007


Phil Mayers wrote:
> Arran Cudbard-Bell wrote:
>   
>>> This could also be done cleaner (but slower) with cleverly designed SQL 
>>> tables or stored procedures
>>>   
>>>       
>> Yeah, complex SQL really can be quite slow, especially when the queries 
>> are being run multiple times for all the rounds required in EAP 
>> authentication.
>>     
>
>
> You've seen Alan's hint re: only running on the tunnel so that helps there.
>
>   
>> I use a second instance of preprocess to read a second hints file called 
>> 'nas_hints'; this uses dynamic SQL queries to grab extra nas_attributes 
>> from the server.
>>     
>
> That's a clever trick.
>
> One of the main advantages of the rlm_passwd module is that it can add 
> items to the *request* as well as the config and reply items. It would 
> be extremely handy if the SQL module could do this too.
>
> Specifically I can think of uses for 2-pass SQL queries where one would 
> want to use data returned from the 1st query in the 2nd. This is 
> basically impossible to do without using stored procedures at the moment.
>
> Regarding your bitmask trick - maybe there's a use for bitwise 
> operators, e.g.:
>
> # NAS-Features - integer bitfield
> # 128 - router, admins only
> #  64 - do vlan assignment
> #  32 - do IP assignment
>
> DEFAULT	NAS-Features & 128, SQL-Group != "ADMINS", Auth-Type := Reject
> 	Reply-Message = "admins only"
>
> DEFAULT	NAS-Features & 64
> 	Tunnel-Private-Group-Id = `%{sql:select vlan('%{NAS-IP-Address}', '%{User-Name}')}`
> 	Fall-Through = Yes
>
> DEFAULT	NAS-Features & 32, Pool-Name := "something"
>
> ...and so on
Yes!!!

I didn't know FreeRADIUS supported bitwise operators! They're not 
listed anywhere, so I assumed you couldn't use them?!

Ohh this makes things so much neater :)

Thanks Phil
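
The policy logic of the quoted NAS-Features entries, modelled in Python as an added example that is not part of the original thread and is not FreeRADIUS code. It assumes entries are processed top to bottom and that the first match ends processing unless Fall-Through = Yes; `vlan_lookup`, `VLAN_TABLE`, `make_request`, the sample addresses and the unknown-bit check are constructed for illustration.

```python
# Model of the quoted users-file entries; not FreeRADIUS code.
ROUTER_ADMINS_ONLY, DO_VLAN, DO_IP = 128, 64, 32   # values from the quoted comment block
KNOWN_BITS = ROUTER_ADMINS_ONLY | DO_VLAN | DO_IP

# Constructed stand-in for the SQL vlan(nas_ip, user) function in the quoted entry.
VLAN_TABLE = {("192.0.2.10", "alice"): "120", ("192.0.2.10", "bob"): "130"}


def vlan_lookup(request):
    key = (request["NAS-IP-Address"], request["User-Name"])
    return VLAN_TABLE.get(key, "999")  # "999" is a constructed fallback VLAN


# One tuple per DEFAULT entry: (flag, extra check, items to set, Fall-Through)
ENTRIES = [
    (ROUTER_ADMINS_ONLY, lambda r: r["SQL-Group"] != "ADMINS",
     lambda r: {"Auth-Type": "Reject", "Reply-Message": "admins only"}, False),
    (DO_VLAN, lambda r: True,
     lambda r: {"Tunnel-Private-Group-Id": vlan_lookup(r)}, True),
    (DO_IP, lambda r: True,
     lambda r: {"Pool-Name": "something"}, False),
]


def evaluate(request):
    """Return the items set for a request, walking ENTRIES top to bottom."""
    features = request["NAS-Features"]
    unknown = features & ~KNOWN_BITS
    if unknown:
        # Added check (assumption): refuse bits the policy does not define
        # rather than silently ignoring a mistyped feature value.
        raise ValueError(f"undefined NAS-Features bits: {unknown}")
    items = {}
    for flag, check, action, fall_through in ENTRIES:
        if features & flag and check(request):
            items.update(action(request))
            if not fall_through:
                break  # first match ends processing unless Fall-Through = Yes
    return items


def make_request(features, user="alice", group="STAFF", nas_ip="192.0.2.10"):
    # Constructed sample request; attribute names are the ones in the quoted entries.
    return {"NAS-Features": features, "User-Name": user,
            "SQL-Group": group, "NAS-IP-Address": nas_ip}
```
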


