Plan assignment based on nas and ugroups

Alan DeKok aland at
Mon Jun 29 14:03:17 CEST 2020

On Jun 25, 2020, at 1:07 PM, Ganga R. Dhungyel <grdhungyel at> wrote:
> I am running freeradius-3.0.13-10 with sql backend on centos to authenticate and authorize users based on group membership. Now a new requirement to assign vlan based on group AND nas has come up and I am not sure what is the best way to accomplish this. Need something like: If nas is xyz  and user belong to group A, then reply with vlan id 10, else if nas is abc and user belongs to group  A, reply with vlan 100, else  reply with vlan 200.

  You can just do this in unlang statements.  If your users are in LDAP, just:

	if (NAS-IP-Address == && LDAP-Group == "foo") {
		update reply {
			Tunnel-Type = VLAN,
			Tunnel-Medium-Type = IEEE-802,
			Tunnel-Private-Group-Id = "10"


> Is using huntgroup and groupcheck the  best way to accomplish this? If so, what all need modifications. Example would be great. If not, what would be a better solution considering that I am using realm sql.
> My apologies if this has been answered before..browsed the list and really could not find the use case described.

  We don't have documentation which says exactly how to do every possible thing. Instead, we document how the server works.

  Alan DeKok.

More information about the Freeradius-Users mailing list