Multiple VLAN value per user

Germán Espinoza Tuesta gr._et at hotmail.com
Wed Oct 25 17:44:32 CEST 2017 

Thanks for feedback, I'm working with open source software (hostapd installed in OpenWRT). Hardware: Wireless access point TPLink WDR3600

Considering Tunnel-Private-Group-Id is a string, I may be able to modify hostapd source code to receive a syntax like the one you pointed:

Tunnel-Private-Group-Id = "t:101;t:102;t:103;t:555"

Best regards,

Germán Espinoza 

> On Oct 25, 2017, at 10:23, Jason Ackley <jason at ackley.net> wrote:
> 
> On Wed, Oct 25, 2017 at 8:44 AM, Germán Espinoza Tuesta
> <gr._et at hotmail.com> wrote:
> 
>> Most of dynamic VLAN assignment implementations use these RADIUS attributes to work:
>> 
>> Tunnel-Medium-Type = 6,   #IEEE-802
>> 
>> Tunnel-Private-Group-Id = "100"
>> 
>> Is there a way for freeradius to return multiple values in Tunnel-Private-Group-Id.
>> 
>> I'm working in a project where I want a user to belong to multiple vlans. At the moment, working with a sql database.
> 
> 
> This really depends more on what your specific NASes/clients can do
> than if FreeRADIUS can return multiple attribute-value-pairs.
> 
> Since Tunnel-Private-Group-Id is a string - some device vendors
> support a syntax in the returned string that allows for
> tagging/multiple VLANs.
> 
> An example for a Foundry/Brocade/Ruckus ICX/Arris is something like this:
> 
>   Tunnel-Private-Group-Id = "t:101;t:102;t:103;t:555;t:workstations"
> 
> This will cause the port to be tagged in VLANs 101, 102, 103, 555, and
> whatever the VLAN named 'workstations' is on the switch (which can
> differ in 802.1q tag value per switch that authenticates).
> 
> What vendor/NAS devices are you using? Have you checked with the
> vendor to determine what attribute-value-pairs they are expecting and
> if they support a tagging syntax? I have not seen much consistency in
> this area with other vendors - it seems most just stop at implementing
> the basics of 'We support dynamic VLAN via RADIUS' by allowing you to
> specify a VLAN ID for untagged traffic.
> 
> 
> 
> --
> jason
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list