for example in the policy file type: permit_only_eap { if (Calling-Station-Id==001f.3c22.674a) { ... here, depending on the mac, is due to the user a VLAN } this would be after the auntenticacion for PEAP-MSCHAPv2 with username and password. the idea is to authenticate users with LDAP, but once authenticated check your Calling-Station-Id, and depends on the mac is due to a specified VLAN
the idea is to authenticate users with LDAP, but once authenticated check your Calling-Station-Id, and depends on the mac is due to a specified VLAN -
Why don't you do this in authorize section where this is normally done? Why do you want to do it in post-auth? You don't need policy.conf; unlang will do fine. Ivan Kalik Kalik Informatika ISP
participants (2)
-
Martin Silvero -
tnt@kalik.net