Lookup lists / arrays?
David Hartburn
D.J.Hartburn at kent.ac.uk
Wed Nov 2 13:40:28 CET 2016
Can anyone offer some configuration advice?
Our wireless deployment automatically assigns users to any one of around
20 client VLANs. We have a very small number of MAC addresses (currently
2) that for one reason or another need a static IP. We use RADIUS to
make sure they are put on one specific VLAN. This is currently done with
a MySQL table of MAC addresses and the following section in the post auth:
# Return a static vlan for those in the static IP group
if ("%{sql:SELECT COUNT(*) FROM eduroam_static WHERE mac='%{Calling-Station-Id}'}" != 0) {
    update reply {
        Tunnel-Type := VLAN
        Tunnel-Medium-Type := IEEE-802
        Tunnel-Private-Group-ID := 641
    }
}
While this works quite nicely, I have two concerns. One is the
efficiency overhead. It is performing a SQL lookup on every auth just to
make sure 2 MAC addresses are put in the correct VLAN. The other is that
we do not have a resilient database server, so when that reboots for
patching my FreeRADIUS servers fall over.
Building a better database infrastructure is one solution, but I was
wondering if there is a better way of doing this?
Being such a small dataset, is it possible to maintain an array or list,
then use a function to say something like 'if (%{Calling-Station-Id} is
in list) {.....'?
I could make that if statement a big list of 'this mac or this mac
or...', but it could get messy. I would also like to keep the list of
special MAC addresses in its own file. This would allow us to deploy the
list via puppet.
My googling has not turned up anything like what I want, apart from the
mac2vlan file used by VMPS. Running a VMPS server seems like overkill too.
Any suggestions appreciated.
Yours
Dave Hartburn
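
One file-based way to do the lookup described above, added here as an example that is not part of the original post or of the FreeRADIUS project's shipped configuration. It uses an instance of the `files` module keyed on Calling-Station-Id; the instance name `static_macs`, the file path and the MAC address are assumptions, and calling the module through the `instance.method` form from post-auth is assumed to be supported by the deployed version.

```conf
# Module instance (e.g. in modules/ or mods-enabled/).
# "static_macs" and the path below are hypothetical names for this example.
files static_macs {
	# Match entries against the client MAC instead of User-Name.
	key = "%{Calling-Station-Id}"

	# Flat file, read into memory when the server starts, so no
	# database query is made per authentication and the lookup does
	# not depend on the SQL server being up. Can be shipped by Puppet.
	usersfile = ${confdir}/static_macs
}

# Contents of ${confdir}/static_macs (constructed sample entry).
# The key must be written exactly as the NAS sends Calling-Station-Id,
# including case and separator characters. One entry per device; the
# reply items are the ones from the SQL-based policy in the post.
#
# 00-11-22-33-44-55
# 	Tunnel-Type := VLAN,
# 	Tunnel-Medium-Type := IEEE-802,
# 	Tunnel-Private-Group-ID := 641

# In the virtual server, replacing the SQL "if" block.
post-auth {
	# Run the files lookup at this point. A MAC that is not listed
	# matches no entry and the reply is left unchanged, so the normal
	# dynamic VLAN assignment still applies to everyone else.
	static_macs.authorize
}
```

Changes to the file take effect only after the server re-reads its configuration, so the Puppet resource that manages the file should also trigger a reload of the RADIUS service.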