suggestions for multiple vlans in hundreds of switches

[Phil Mayers]

Arran Cudbard-Bell wrote:
> 
> Wow this is going to speed stuff up so much !

We use this trick extensively. It works really well.

> Ahh yes, I just got how this could work... because to deal with the 
> contents of the eap tunnel freeradius proxies it to itself...

Yes. And if you set "copy_request_to_tunnel = yes" the attributes from 
the real packet get copied to the tunneled one - e.g. NAS-IP-Address, 
NAS-Port, etc. so you can still act on those attributes.

> And though your only writing the reply attributes to the tunnel , when 
> the tunneled request comes back,
> the attributes will be used in the main packet sent back to the NAS, 
> including the eap message from the proxied request ...

Provided you have "use_tunneled_reply = yes"

> 
> Is the proxying to self new behaviour ?

No

> 
> I know the Authz-Type and Auth-Type stuff is only in CVS so you must not 
> have been able to do it in 1.1* ?

Erm, no. They've been around a long time.