assigning vlan based on NAS and LDAP field?

Kostas Kalevras kkalev at noc.ntua.gr
Fri Apr 13 11:42:40 CEST 2007


Matt Ashfield wrote:
> Hi all,
>
> We're using FR authenticating against LDAP to implement our wireless
> solution. Basically, we are looking at the LDAP field of record type and
> determining if it is a staff or a student, and assigning a vlan based on
> that. Pretty simple and it works. However, there are two issues with this:
>
> 1. We have a sister campus, on a different network, but who are sharing the
> same FR and LDAP servers for authentication. Obviously their NASes are
> different than ours because we're in different physical locations and
> networks. With our current configuration, it looks like we have to define
> the exact same VLAN IDs and the same VLAN eligibility rules (i.e. staff get
> vlan x and student get vlan y) in order for this to work. I guess I'm hoping
> there is a way to assign different vlans based on the NAS IP address in
> addition to the student/staff distinction.
>   
You can use multiple ldap module instances and set Autz-Type depending 
on the NAS IP address (or better yet, huntgroups).

> 2. This follows into our future wired side implementation of 802.1x. In this
> case, we don't want our staff/student wired users to be assigned to the same
> vlans as they would be if they were on wireless. Rather we'd prefer to break
> them up based on their NAS or something like that.
>
> Anyways, I realize this is quite an odd situation, but probably quite
> similar to what many EDU people are encountering. Any help/advice is greatly
> appreciated.
>
> Thanks
>
> Matt
> mda at unb.ca 
>   
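
A sketch of the approach suggested in the reply above, added here as an example; it is not configuration from either poster or from the FreeRADIUS distribution. It assumes a FreeRADIUS 1.x style raddb layout, and every huntgroup name, address, instance name, LDAP server, base DN, attrmap file name and LDAP attribute name in it is made up for illustration.

```text
# --- raddb/huntgroups: group NAS devices by site (constructed addresses) ---
main-wlan    NAS-IP-Address == 192.0.2.10
main-wlan    NAS-IP-Address == 192.0.2.11
sister-wlan  NAS-IP-Address == 198.51.100.10

# --- raddb/users: pick the authorization path from the huntgroup ---
DEFAULT  Huntgroup-Name == "main-wlan", Autz-Type := MAIN_WLAN
         Fall-Through = Yes

DEFAULT  Huntgroup-Name == "sister-wlan", Autz-Type := SISTER_WLAN
         Fall-Through = Yes

# --- raddb/radiusd.conf: one ldap instance per site, same directory ---
modules {
    ldap ldap_main_wlan {
        server = "ldap.example.edu"
        basedn = "ou=people,dc=example,dc=edu"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        # per-instance attribute map decides which LDAP field becomes the VLAN
        dictionary_mapping = ${raddbdir}/ldap.attrmap.main-wlan
    }
    ldap ldap_sister_wlan {
        server = "ldap.example.edu"
        basedn = "ou=people,dc=example,dc=edu"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        dictionary_mapping = ${raddbdir}/ldap.attrmap.sister-wlan
    }
}

authorize {
    preprocess      # sets Huntgroup-Name from raddb/huntgroups
    files           # users file above sets Autz-Type
    Autz-Type MAIN_WLAN {
        ldap_main_wlan
    }
    Autz-Type SISTER_WLAN {
        ldap_sister_wlan
    }
}

# --- raddb/ldap.attrmap.main-wlan (hypothetical LDAP attribute name) ---
replyItem  Tunnel-Private-Group-Id  vlanMainWlan

# --- raddb/ldap.attrmap.sister-wlan (hypothetical LDAP attribute name) ---
replyItem  Tunnel-Private-Group-Id  vlanSisterWlan
```

A wired 802.1x deployment would follow the same pattern with its own huntgroup, Autz-Type and ldap instance. A request from a NAS that matches no huntgroup gets no Autz-Type here, so decide explicitly whether such requests should be rejected rather than falling through without a VLAN.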



