Deleting VLAN information while proxying

Tomasz Wolniewicz Tomasz.Wolniewicz at
Thu Feb 9 22:33:25 CET 2006

AL.M.Buxey at wrote:
> I cant see WHY the VLAN info needs to reach other sites at all...perhaps
> the National Proxy should be stripping out such things? anyway, if memory 
  your logic sounds fine but it has two flaws:
1. you should not depend on someone whom you cannot control to do the
work for you.
2. some countries already made decisions that the national proxy MUST
NOT interfere with the stuff sent
in the radius packets. It was argued by some colleagues that for
instance two institutions could have an explicit agreement and honor
each other's VLAN settings.

Actually we did manage do fix that thing using rlm_perl in postauth
section. rlm_perl was hacked a bit so that it would be able to delete

I really think that this is a perfectly natural need to be able to
control attributes sent when the request comes from am outside proxy.
The approach based on NAS IP Address is not correct, since NAS addresses
are often from private address space and can repeat in various institutions.


More information about the Freeradius-Users mailing list