vlan and freeradius
omegabk at gmail.com
Wed Mar 3 16:01:41 CET 2010
2) " set the switch to use RADIUS return attributes for VLAN (and for
session time etc)
and set the fail VLAN and guest VLAN to Y" => that's really what i want to
do so in my users file
myuser Cleartext-Password := "user"
Tunnel-type = VLAN,
Tunnel-Medium-Type = 802,
Tunnel-Private-Group-ID = "666"
Session-Timeout = "28800"
Termination-Action = "RADIUS-Request"
but how to set the fail VLAN and guest VLAN to Y ???
PS: "you should never use VLAN1 for users - most would say you shouldnt use
for anything on cisco kit - its the default native vlan." => sure!!!
2010/3/3 Alan Buxey <A.L.M.Buxey at lboro.ac.uk>
> > Hello,
> > so i would like to redirect my winxp authenticated to VLAN1 and if not
> authenticated , this client must be in vlan2
> > i got a switch cisco
> > so how to handla this with freeradius?
> read the cisco docs on dealing with 802.1X.
> you should never use VLAN1 for users - most would say you shouldnt use
> for anything on cisco kit - its the default native vlan.
> what you need to do is set the port on the switch to do 802.1X...then you
> can either
> do the following
> 1) set the access vlan to X, then se the fail VLAN to Y and the guest VLAN
> to Y
> or (my preferred way)
> 2) set the switch to use RADIUS return attributes for VLAN (and for session
> time etc)
> and set the fail VLAN and guest VLAN to Y
> where X is the access vlan for auth and Y is the chosen fail vlan
> why do method 2? well, its then easy/quick to change the VLAN returned to
> the switch
> no matter where on campus/site/infrastructure - its all done via decisions
> on the radius server.
> the return attributeS?
> 'Tunnel-Medium-Type'} = "IEEE-802"
> 'Tunnel-Type' = "VLAN"
> 'Tunnel-Private-Group-Id' = "666"
> 'Session-Timeout' = "28800"
> 'Termination-Action' = "RADIUS-Request"
> that would set the VLAN to be 666 with an 8 hour timeout.
> these can be set via users file, SQL, perl, python etc. we use a PERL
> script in the post-auth section
> List info/subscribe/unsubscribe? See
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Freeradius-Users