Dynamic VLAN-id setting on wireless AP
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Wed May 30 13:45:27 CEST 2007
Jan Schermer / ET NETERA wrote:
> Hi,
> I want to tag VLANs on the wireless AP (Mikrotik OS) according to radius
> criteria (type of autentization, DN in certificate etc.). Does someone
> here have experience with that?
> It seems easy enough to do on the freeradius side, but how is this
> supposed to work on the wireless AP side? (I know, this is not a
> Mikrotik mailing list, sorry in advance :). Does the AP really have to
> be smart enough to tag packets per-client? Should it work out of the
> box? Is it secure to mix clients from different security domains?
>
> Any experience appreciated, thanks
>
>
I'm pretty sure the RouterOS stuff isn't smart enough to do Dynamic VLAN
assignment...
If it is, it will want
Tunnel-Type → Type of tunnel, switch expects VLAN or integer 13.
Tunnel-Medium-Type → Medium, Switch expects IEEE-802 or integer 6.
Tunnel-Private-Group-ID → Vlan ID, switch any tagged VLAN.
in the access accept packet.
If you get this working, please post back. I've got one sitting on my
desk and it would be nice to do something with it other than use it as a
pretty black paper weight.
I quite like the routerOS stuff , it's a pitty they concentrated on all
that hotspot bollocks instead of building in proper 802.1x support.
>
> ------------------------------------------------------------------------
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list