2) " set the switch to use RADIUS return attributes for VLAN (and for session time etc)<br>
and set the fail VLAN and guest VLAN to Y" => that's really what i want to do so in my users file<br> <br>myuser Cleartext-Password := "user"<br> Tunnel-type = VLAN,<br> Tunnel-Medium-Type = 802,<br>
Tunnel-Private-Group-ID = "666" <br> Session-Timeout = "28800"<br> Termination-Action = "RADIUS-Request"<br><br>but how to set the fail VLAN and guest VLAN to Y ???<br>
<br>many thanks<br><br>PS: "you should never use VLAN1 for users - most would say you shouldnt use VLAN1<br>
for anything on cisco kit - its the default native vlan." => sure!!!<br><br><br><div class="gmail_quote">2010/3/3 Alan Buxey <span dir="ltr"><<a href="mailto:A.L.M.Buxey@lboro.ac.uk">A.L.M.Buxey@lboro.ac.uk</a>></span><br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hi,<br>
<div><div></div><div class="h5">> Hello,<br>
><br>
> so i would like to redirect my winxp authenticated to VLAN1 and if not authenticated , this client must be in vlan2<br>
><br>
> i got a switch cisco<br>
><br>
> so how to handla this with freeradius?<br>
<br>
<br>
</div></div>read the cisco docs on dealing with 802.1X.<br>
<br>
you should never use VLAN1 for users - most would say you shouldnt use VLAN1<br>
for anything on cisco kit - its the default native vlan.<br>
<br>
<br>
what you need to do is set the port on the switch to do 802.1X...then you can either<br>
do the following<br>
<br>
<br>
1) set the access vlan to X, then se the fail VLAN to Y and the guest VLAN to Y<br>
<br>
or (my preferred way)<br>
<br>
2) set the switch to use RADIUS return attributes for VLAN (and for session time etc)<br>
and set the fail VLAN and guest VLAN to Y<br>
<br>
<br>
where X is the access vlan for auth and Y is the chosen fail vlan<br>
<br>
<br>
why do method 2? well, its then easy/quick to change the VLAN returned to the switch<br>
no matter where on campus/site/infrastructure - its all done via decisions made<br>
on the radius server.<br>
<br>
<br>
the return attributeS?<br>
<br>
<br>
'Tunnel-Medium-Type'} = "IEEE-802"<br>
'Tunnel-Type' = "VLAN"<br>
'Tunnel-Private-Group-Id' = "666"<br>
'Session-Timeout' = "28800"<br>
'Termination-Action' = "RADIUS-Request"<br>
<br>
that would set the VLAN to be 666 with an 8 hour timeout.<br>
<br>
these can be set via users file, SQL, perl, python etc. we use a PERL script in the post-auth section<br>
<font color="#888888"><br>
<br>
<br>
alan<br>
</font><div><div></div><div class="h5">-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br>