Load-Balance VLAN assignment via unlang
Scott Armitage
S.P.Armitage at lboro.ac.uk
Tue Jul 17 14:28:57 CEST 2012
On 17 Jul 2012, at 12:57, Cotton, Jesse wrote:
> Using FR as a central RADIUS server. One task it performs is dot1x auth. It forwards eap requests to one of several home servers which performs the auth and returns several attributes including Tunnel-Private-Group-Id. This attribute contains multiple values indicating one of several potential vlans a client can be put on. I would like perform simple load balancing by selecting one of the vlans randomly. I have the following within the post-auth section. What am I doing wrong? I have tried several variations. I know the syntax is incorrect but google has not been helpful. Thanks in advance.
>
>
>
>
>
> if("%{reply:Tunnel-Private-Group-Id[#]}" > 1){
>
> update reply {
>
> Tunnel-Private-Group-Id := %{reply:Tunnel-Private-Group-Id[%{rand:%{reply:Tunnel-Private-Group-Id[#]}}]}
>
> }
>
> }
>
Not a solution but some caveats. If you are randomly returning a vlan, you could have clients bouncing around vlans when they reauth. You may also achieve the same result using features in your wireless equipment. For example if you have Cisco wireless you could use Vlan Select (and return the clan select group from the radius server).
Scott Armitage
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120717/6ee8ac5e/attachment.pgp>
More information about the Freeradius-Users
mailing list