Re: Dynamic VLAN - limiting switchs VLANs?



Robert wrote:
Hello all,

I currently have FR running and happily doing MAC authentication against
a MySQL DB.
I can plug a computer into the switch, have the switch grab the MAC
addy, pass it to FR, hit the DB and return what VLAN that MAC belongs
to, and then have the switch configure the port to the correct VLAN.

Now the complication that I'm facing is that in our environment, a MAC
might be assigned to multiple VLANs and our switches only have a
fraction of the total number of VLANs trunked to them.

What I need is a way FR can not only match the MAC to a VLAN, but also
to cross reference that result to the VLANs that are available from the
requesting switch.

If your switches are grouped into relatively few sets with the same VLANs (e.g. buildings) then you can use an rlm_passwd to map NAS-IP-Address to My-Switch-Group, an rlm_passwd to match Calling-Station-Id to My-Client-Group, then in "users":

DEFAULT	My-Switch-Group == "building1", My-Client-Group == "BANNED"
	Tunnel-Private-Group-Id = 123

...etc.

Best would be to use SQL though ("select * from stored_procedure") or an external script (Exec-Program).
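
The cross-reference discussed in this thread, as an added example that is not part of the original message or of FreeRADIUS: an external script that joins the VLANs assigned to a MAC against the VLANs carried by the requesting switch and exits non-zero when they share none. The table names, the priority column, the sample rows, and the calling convention (NAS-IP-Address and Calling-Station-Id as arguments, output parsed as reply attributes, non-zero exit treated as failure) are assumptions; SQLite stands in for the MySQL database.

```python
import re
import sqlite3
import sys

# Constructed sample data; table and column names are assumptions.
SCHEMA = """
CREATE TABLE mac_vlan (mac TEXT, vlan INTEGER, priority INTEGER);
CREATE TABLE switch_vlan (nas_ip TEXT, vlan INTEGER);
INSERT INTO mac_vlan VALUES ('001122334455', 123, 1), ('001122334455', 200, 2),
                            ('aabbccddeeff', 300, 1);
INSERT INTO switch_vlan VALUES ('10.0.1.2', 200), ('10.0.1.2', 300),
                               ('10.0.2.2', 123);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def normalize_mac(calling_station_id):
    """Reduce 00-11-22-33-44-55, 00:11:..., 0011.2233.4455 to 12 lowercase hex digits."""
    digits = re.sub(r"[-:.\s]", "", calling_station_id).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def pick_vlan(db, nas_ip, calling_station_id):
    """Return the preferred VLAN assigned to the MAC that this switch carries, else None."""
    mac = normalize_mac(calling_station_id)
    if mac is None:
        return None  # malformed identifier: never reaches the query
    row = db.execute(
        "SELECT m.vlan FROM mac_vlan m "
        "JOIN switch_vlan s ON s.vlan = m.vlan "
        "WHERE m.mac = ? AND s.nas_ip = ? "
        "ORDER BY m.priority LIMIT 1",
        (mac, nas_ip)).fetchone()
    return row[0] if row else None

def main(argv):
    if len(argv) != 3:
        return 1
    vlan = pick_vlan(open_db(), argv[1], argv[2])
    if vlan is None:
        return 1  # no common VLAN: fail closed rather than pick a default
    print('Tunnel-Private-Group-Id = "%d"' % vlan)
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```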



