suggestions for multiple vlans in hundreds of switches
Donny Jekels
djekels at gmail.com
Thu Apr 19 15:57:26 CEST 2007
You could extend your ldap schema and add a field for the vlan a user should
belong to.
Then all you would need is to query that field and propagate the variable.
"Tunnel-Private-Group-Id=`%{private-vlan}`"
On 4/19/07, Matt Ashfield <mda at unb.ca> wrote:
>
> Hi,
>
> We'd like to use FR to assign users on our wired network to one of 30
> different vlans on campus, based on an LDAP field. Currently, we are doing
> this with huntgroups. Namely, we create a huntgroup for the NAS (in our
> case, a network switch), and then in the users file, we put the following:
>
> DEFAULT Huntgroup-Name == mySWITCH1, Ldap-Group == staff
>         User-Name=`%{User-Name}`,
>         Tunnel-Private-Group-Id=176,
>         Tunnel-Type=VLAN,
>         Fall-Through = no
>
> DEFAULT Huntgroup-Name == mySWITCH1, Ldap-Group == student
>         User-Name=`%{User-Name}`,
>         Tunnel-Private-Group-Id=177,
>         Tunnel-Type=VLAN,
>         Fall-Through = no
> And so on... for other groups of users like faculty, admin, etc.
>
> This seems to work. The issue is scale. I would conceivably have to
> have a huntgroup definition in the huntgroups file for each NAS. And if I
> wanted 30 vlans, I'd have to have 30 definitions like the ones above in my
> users file for EACH one of my NAS's.
>
> I'm sure there's a simpler way of doing things that I'm missing. Any
> advice is appreciated.
>
> Thanks
>
>
> Matt
> mda at unb.ca
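Added example, not part of the original thread and not FreeRADIUS code: a Python model of the per-user lookup suggested in the reply, showing the check worth putting between the directory value and the `Tunnel-Private-Group-Id` reply so that a missing or malformed LDAP field cannot choose the network segment. The attribute name `privateVlan`, the allowlist, the fallback VLAN 999 and the sample entries are assumptions made up for illustration; `Tunnel-Medium-Type` is included because RFC 3580 lists it alongside the two attributes in the quoted config.

```python
# Added example: one rule for every switch, driven by a per-user LDAP value.
# "privateVlan", ALLOWED_VLANS and FALLBACK_VLAN are hypothetical names/values.
ALLOWED_VLANS = {176, 177}   # VLANs that really exist on the access switches
FALLBACK_VLAN = 999          # restricted VLAN used when the directory value is unusable


def parse_vlan(raw):
    """Return the VLAN ID as an int, or None if the directory value is unusable."""
    if raw is None:
        return None
    if isinstance(raw, bytes):
        raw = raw.decode("ascii", errors="replace")
    raw = raw.strip()
    if not raw.isascii() or not raw.isdigit():
        return None
    vlan = int(raw)
    return vlan if 1 <= vlan <= 4094 else None   # 802.1Q usable range


def vlan_reply(ldap_entry, attr="privateVlan"):
    """Build the RFC 3580 tunnel attributes for one user's LDAP entry."""
    values = ldap_entry.get(attr, [])
    vlan = parse_vlan(values[0]) if len(values) == 1 else None
    if vlan not in ALLOWED_VLANS:
        vlan = FALLBACK_VLAN   # fail to the restricted VLAN, never to the port default
    return {
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-Id": str(vlan),
    }


# Constructed sample entries, shaped as attribute -> list of byte strings.
SAMPLE_ENTRIES = {
    "staff1": {"privateVlan": [b"176"]},
    "student1": {"privateVlan": [b"177"]},
    "typo": {"privateVlan": [b"1 76"]},          # malformed value
    "unlisted": {"privateVlan": [b"1"]},         # valid number, not an allowed VLAN
    "missing": {},                               # field never populated
    "multi": {"privateVlan": [b"176", b"177"]},  # ambiguous: two values
}

if __name__ == "__main__":
    for user, entry in SAMPLE_ENTRIES.items():
        print(user, vlan_reply(entry)["Tunnel-Private-Group-Id"])
```

Because the VLAN now comes from directory data, write access to that LDAP field is equivalent to choosing a user's network segment and should be restricted accordingly.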