Assigning users into different VLANs
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Wed Jul 2 10:11:24 CEST 2014
Hi,
> I am using FreeRADIUS together with WLC from Cisco.
> I have 1 WLAN connected to 2 VLANs and I need to assign user into VLAN
> based on successful pass AAA or not. By that I mean to separate guests and
> members.
> How can I achieve that?
> For now I am using "users" as source of members.
> I came up wtih this
> "admin" Cleartext-Password := "admin"
> Tunnel-Type = VLAN,
> Tunnel-Medium-Type = IEEE-802,
> Tunnel-Private-Group-Id = 52,
> Tunnel-Preference = 0x000000
> to assign member into VLAN 52 but I strugle with assigning VLAN for user
> without certificate or password (I need two variants based on certificate
> and PEAP, two different servers).
well, using the RADIUS attributes, which you have done, is the way to do it.
how you do it with your users is down to your policies. you'll probably end up
using unlang in the post-auth phase (man unlang)
however, if this is an EAP/802.1X wireless network you cant do much if they fail.
alan
More information about the Freeradius-Users
mailing list