Alan DeKok a écrit :
Your examples are pretty close to "do stuff when I see stuff". It's a grammatically correct English sentence, but nearly meaningless.
Alan DeKok.
-
Ok, So I will try to make myself clear. Here is one policy that I wish to make work. 1- a client connects to a 802.1x protected VLAN ID 10 ( per port basis configuration on the switch) --> this client has some of the following LDAP attributes: uid = bobalice radiusTunnelPrivateGroupID = 20 radiusTunnelType = VLAN radiusMediumType = IEEE-802 radiusCallingStationId = 00-21-42-42-87-b1 radiusUserCategory = ADMIN 2- Fisrt I want to checkthe following attributes, and if not correct, reject the user: radiusTunnelType = VLAN radiusMediumType = IEEE-802 radiusCallingStationId = 00-21-42-42-87-b1 radiusUserCategory = ADMIN 3- Then I want to authenticate and authorise the user if login/password are correct 4 - Then Move him into the appropriate VLAN ID 20 instead of ID10 based on this attribute: radiusTunnelPrivateGroupID = 20 For now, I only have been able to make work the RadiusCallingStationId using checkval. Hoping this is much much more precise and clearer, I really wish to discover what am I missing. Best Regards, Matt