Hash username or mac address to assign user to different vlan

schilling schilling2006 at gmail.com
Fri Feb 18 15:52:29 CET 2011


I can explain my environment.
We are migrating from a traditional captive portal to the new 802.1X
WPA2-Enterprise, and from fat APs to a controller-based wireless
architecture. Wireless mobility comes into play too. At the same
time, how do we maintain the traditional source-based IP ACL/firewall? We
have already implemented MPLS VPN based network virtualization, so we want
to utilize both MPLS VPN and the newer wireless architecture. That's why.

Another thing is big VLAN broadcast scalability. So we want to chop
users up into different VLANs, at first by hash; later we will try to
implement group-based VLAN assignment.

Also, we agree with the consensus to use EAP/PEAPv0 for 802.1X. There is
just no hassle of installing a third-party supplicant on M$ computers. And it
could work with either AD or LDAP with the ntPassword hash.

Schilling



On Fri, Feb 18, 2011 at 9:36 AM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> On 18/02/11 14:29, schilling wrote:
>>
>> Could you share your configuration and Perl script, so I can learn from
>> it?
>> I am thinking of using the LDAP status to decide the pool, then hashing the
>> MAC address of the client to get different VLANs.
>
> It seems like a lot of people are suddenly wanting to do this.
>
> Can any of you explain why, and why now? Just curious. It seems odd that so
> many people want to do it, all at the same time.
>
> Did an article appear online or in a magazine or something ;o)
>
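
An added example, not part of the original thread and not FreeRADIUS code: one way to do the "LDAP status picks the pool, MAC hash picks the VLAN" assignment discussed above, sketched in Python. The pool names, VLAN IDs and function names are assumptions; the returned attributes are the RFC 3580 tunnel attributes used for dynamic VLAN assignment.

```python
import hashlib
import re

# Constructed pools (assumptions, not from the thread): LDAP status -> VLAN IDs.
VLAN_POOLS = {
    "staff": [110, 111, 112, 113],
    "student": [210, 211, 212, 213, 214, 215, 216, 217],
}
DEFAULT_POOL = [999]  # hypothetical restricted VLAN for an unknown status


def normalize_mac(calling_station_id):
    """Reduce the MAC notations NAS devices send to 12 lowercase hex digits."""
    digits = re.sub(r"[-:.\s]", "", calling_station_id).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {calling_station_id!r}")
    return digits


def assign_vlan(ldap_status, calling_station_id):
    """Pick the pool from the authenticated status, then hash the MAC into it.

    The MAC is client-supplied, so it only spreads load inside a pool; the
    pool itself (and the ACL that goes with it) comes from the directory.
    """
    pool = VLAN_POOLS.get(ldap_status, DEFAULT_POOL)
    digest = hashlib.sha256(normalize_mac(calling_station_id).encode()).digest()
    # The same client always lands on the same VLAN, so it does not move as it roams.
    return pool[int.from_bytes(digest[:8], "big") % len(pool)]


def reply_attributes(vlan_id):
    """RFC 3580 tunnel attributes a RADIUS reply carries for a dynamic VLAN."""
    return {
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-Id": str(vlan_id),
    }


if __name__ == "__main__":
    # Constructed sample clients in three common notations.
    for status, mac in [("staff", "00:11:22:AA:BB:CC"),
                        ("student", "0011.22aa.bbcc"),
                        ("visitor", "00-11-22-aa-bb-cc")]:
        print(status, mac, reply_attributes(assign_vlan(status, mac)))
```
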


