Filtering VLAN assignmen in eduroam

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Tue Nov 24 15:48:29 CET 2015


Hi,

> 	I'm using freeradius 3.0.10 to authenticate eduroam connections.
> 
> 	In my inner server I return attributes to assign VLAN to our
> internal users and I want these attributes to be filtered when the
> connection is from an external organization.

then best common practice is to create a new set of virtual servers
(eg eduroam and eduroam-inner-tunnel)  and then any requests from your
national proxy servers get sent to those instead.....and all that 
set of servers do is authenticate users and dont set VLANs etc - thus
you have a very easy, controlled policy AND you arent looking
up group membership etc etc - whereas what you propose is still looking
up group membership and then filtering it out (very inefficient!)

alan




More information about the Freeradius-Users mailing list