Radius+Ldap:Allow the same host in multiple vlans

Ramon Escriba escriba at cells.es
Thu Sep 30 15:02:04 CEST 2010


Hi Alan,
Well, touché. We're also trying to use the LDAP db to store DHCP info, so
using the same structure to keep all host-related data, radius+dhcp+dns.
The problem is we have a big number of VLANs, and multiple devices may connect
in some VLANs. I'll try to simplify; I shall keep thinking on it.

By the way, in some of the cases the switch-ip, even switch+port, is the
key, so huntgroups does the job but only partially.

This works (original huntgroups example):
#business       NAS-IP-Address == 192.168.2.5, NAS-Port-Id == 1

But not this:
#business       NAS-IP-Address == 192.168.2.5, NAS-Port-Id == 1-7

Why? Is that normal? If this feature worked, it would keep things a bit
simpler. I'm missing something, aren't I?


Thanks for your fast answer.


-----Original Message-----
From: freeradius-users-bounces+escriba=cells.es at lists.freeradius.org
[mailto:freeradius-users-bounces+escriba=cells.es at lists.freeradius.org] On
Behalf Of Alan DeKok
Sent: Thursday, 30 September 2010 9:34
To: FreeRadius users mailing list
Subject: Re: Radius+Ldap:Allow the same host in multiple vlans

Ramon Escriba wrote:
> Is that approach, try the "next vlan" if exists @ ldap, possible, how?

  You've tried a lot of different things and are lost in the complexity of
the solution.

  The problem isn't that hard.  Find a "key" which determines which VLAN to
use.  This key can be switch IP, location, etc.

  Then, use that key to select the correct VLAN.

  What you're doing right now is trying to grab *all* VLANs, and then filter
out the ones which aren't relevant.  That's more complicated, and is less
likely to work.

  Alan DeKok.
