assigning vlan based on LDAP attribute
Thibault Le Meur
Thibault.LeMeur at supelec.fr
Wed Sep 27 21:16:48 CEST 2006
> I think part of my problem is that I do not have the vlans defined in the
> Access Point. I incorrectly assumed that the AP would receive the vlan info
> from the Radius server, and tag all outgoing packets from the wireless
> client with that tag. However, I'm starting to think that that is completely
> incorrect?! I should probably be creating all the vlans within the AP right?
It really depends on your Access Point.
I use a Strix access point on which you do not have to define the vlans
on the AP: you only have to set the interface to trunk mode (Tagged)
and the AP uses the vlan assigned by the radius server for the wireless
client.
=> this is the most common scenario
However on my Proxim AP2000, I have to define some hidden SSIDs to the
several vlans that can be affected by the radius server:
* the wireless client authenticates itself to the broadcasted SSID
(statically assigned a wrong vlan)
* the radius server replies Access-Accept and assigns the vlan tag
* the AP transparently retries an authentication of the client on the
hidden SSID that corresponds to this vlan
As you can see everything depends on your AP features.
> If that's the case, it looks like I need a separate SSID per Vlan (using
> Avaya gear here). I really hope that is not the case
First of all, you have to determine if the radius server is replying
Access-Accept and assigning the vlan tag. See the radiusd -X log.
Thibault
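
As an added example (not part of the original post), one way to run the check suggested above: a Python script that scans radiusd -X debug output for Access-Accept replies and reports whether each one carries the RFC 3580 VLAN attributes (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-Id). The log layout, the sample lines and the function names are assumptions constructed for illustration; adjust the patterns to what your server version prints.

```python
import re

# RFC 3580 attributes an AP or switch expects for dynamic VLAN assignment
# (numeric forms: Tunnel-Type 13 = VLAN, Tunnel-Medium-Type 6 = IEEE-802).
REQUIRED = {"Tunnel-Type": {"VLAN", "13"}, "Tunnel-Medium-Type": {"IEEE-802", "6"}}
VLAN_ATTR = "Tunnel-Private-Group-Id"
# Assumed debug layout: a "Sending <type>" line, then indented attribute lines.
PACKET_RE = re.compile(r"^(?:Sending|Sent)\s+(Access-\w+)", re.I)
# A tag suffix such as ":0" after the attribute name is optional.
ATTR_RE = re.compile(r'^\s+([\w-]+)(?::\d+)?\s*=\s*"?([^"]*)"?\s*$')

# Constructed sample modeled on radiusd -X output, not a real capture.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 192.0.2.10:1024, id=7, length=160
Sending Access-Accept of id 7 to 192.0.2.10 port 1024
\tTunnel-Type:0 = VLAN
\tTunnel-Medium-Type:0 = IEEE-802
\tTunnel-Private-Group-Id:0 = "20"
Finished request 3
Sending Access-Accept of id 8 to 192.0.2.10 port 1024
\tMS-MPPE-Recv-Key = 0x00
Sending Access-Reject of id 9 to 192.0.2.10 port 1024
"""

def parse_replies(log_text):
    """Return [(packet_type, {attr: value})] for each reply in the debug log."""
    replies, current = [], None
    for line in log_text.splitlines():
        m = PACKET_RE.match(line)
        if m:
            current = (m.group(1), {})
            replies.append(current)
            continue
        a = ATTR_RE.match(line)
        if a and current:
            current[1][a.group(1)] = a.group(2).strip()
        elif not a:
            current = None  # a non-attribute line ends the reply
    return replies

def check_vlan_assignment(log_text):
    """Per reply: 'vlan <id>', 'accept-no-vlan: missing ...', or the packet type."""
    results = []
    for ptype, attrs in parse_replies(log_text):
        if ptype.lower() != "access-accept":
            results.append(ptype)
            continue
        missing = [n for n, ok in REQUIRED.items() if attrs.get(n) not in ok]
        if not attrs.get(VLAN_ATTR):
            missing.append(VLAN_ATTR)
        results.append("accept-no-vlan: missing " + ", ".join(missing)
                       if missing else "vlan " + attrs[VLAN_ATTR])
    return results
```

An Access-Accept reported as `accept-no-vlan` means the server side is not assigning the VLAN; a `vlan <id>` result means the server did its part and the remaining question is how the AP handles the tag.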