assigning vlan based on NAS and LDAP field?

Matt Ashfield mda at unb.ca
Thu Apr 12 15:51:22 CEST 2007


Hi all,

We're using FR authenticating against LDAP to implement our wireless
solution. Basically, we are looking at the LDAP field of record type and
determining if it is a staff or a student, and assigning a vlan based on
that. Pretty simple and it works. However, there are two issues with this:

1. We have a sister campus, on a different network, but who are sharing the
same FR and LDAP servers for authentication. Obviously their NAS's are
different than ours because we're in different physical locations and
networks. With our current configuration, it looks like we have to define
the exact same vlans id's and the same vlan eligibility rules (ie staff get
vlan x and student get vlan y) in order for this to work. I guess I'm hoping
there is a way to assign different vlans based on the NAS ip address in
addition to the student/staff distinction.

2. This follows into our future wired side implementation of 802.1x. In this
case, we don't want our staff/student wired users to be assigned to the same
vlans as they would be if they were on wireless. Rather we'd prefer to break
them up based on their NAS or something like that.

Anyways, I realize this is quite an odd situation, but probably quite
similar to what many EDU people are encountering. Any help/advice is greatly
appreciated.

Thanks

Matt
mda at unb.ca 
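
The policy asked about above, modelled as an added example (not part of the original post and not FreeRADIUS configuration): the VLAN is chosen from the pair (NAS group, LDAP record type), so each campus and each wired or wireless NAS range gets its own staff/student VLANs, returned as the RFC 3580 tunnel attributes. The NAS address ranges, group names, VLAN IDs and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample policy: NAS ranges, group names and VLAN IDs are placeholders.
NAS_GROUPS = [
    (ipaddress.ip_network("10.1.0.0/16"), "main-wireless"),
    (ipaddress.ip_network("10.1.50.0/24"), "main-wired"),
    (ipaddress.ip_network("10.2.0.0/16"), "sister-wireless"),
]

# (NAS group, LDAP record type) -> VLAN ID
VLANS = {
    ("main-wireless", "staff"): 110,
    ("main-wireless", "student"): 120,
    ("main-wired", "staff"): 210,
    ("main-wired", "student"): 220,
    ("sister-wireless", "staff"): 310,
    ("sister-wireless", "student"): 320,
}


def nas_group(nas_ip):
    """Return the group of the most specific network containing nas_ip."""
    addr = ipaddress.ip_address(nas_ip)
    matches = [(net.prefixlen, name) for net, name in NAS_GROUPS if addr in net]
    return max(matches)[1] if matches else None


def vlan_reply(nas_ip, record_type):
    """Build the VLAN reply attributes, or None when no rule applies."""
    group = nas_group(nas_ip)
    vlan = VLANS.get((group, record_type.strip().lower()))
    if vlan is None:
        # Unknown NAS or record type: the caller rejects or uses a
        # restricted default instead of guessing a VLAN.
        return None
    return {
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-Id": str(vlan),
    }
```

Returning `None` for an unrecognised NAS or record type keeps a new or misconfigured NAS from silently placing users in another site's VLAN.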







More information about the Freeradius-Users mailing list