26 Oct
2006
26 Oct
'06
4:39 p.m.
Hi,
authenticate correctly and he'd be given access at this point. But if we could get Radius to check and LDAP field which say which vlan he has access to, and allow or deny access to the network if the user is not currently in that vlan, then I guess that would be the ideal solution.
thats exactly one way to do it - use the LDAP checking for group attribute. other ways depend on how your directory is configured, do you have other attributes, are the userid's obvious etc? rlm_perl can then be used, for example to query and set the VLAN attribute correctly (if the WLAN kit supports such attributes) alan