suggestions for multiple vlans in hundreds of switches
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Sat Apr 21 16:27:04 CEST 2007
Phil Mayers wrote:
> Arran Cudbard-Bell wrote:
>
>>> This could also be done cleaner (but slower) with cleverly designed SQL
>>> tables or stored procedures
>>>
>>>
>> Yeah, complex SQL really can be quite slow, especially when the queries
>> are being run multiple times for all the rounds required in EAP
>> authentication.
>>
>
>
> You've seen Alan's hint re: only running on the tunnel, so that helps there.
>
>
>> I use a second instance of preprocess to read a second hints file called
>> 'nas_hints'; this uses dynamic SQL queries to grab extra nas_attributes
>> from the server.
>>
>
> That's a clever trick.
>
> One of the main advantages of the rlm_passwd module is that it can add
> items to the *request* as well as the config and reply items. It would
> be extremely handy if the SQL module could do this too.
>
> Specifically I can think of uses for 2-pass SQL queries where one would
> want to use data returned from the 1st query in the 2nd. This is
> basically impossible to do without using stored procedures at the moment.
>
> Regarding your bitmask trick - maybe there's a use for bitwise
> operators, e.g.:
>
> # NAS-Features - integer bitfield
> # 128 - router, admins only
> # 64 - do vlan assignment
> # 32 - do IP assignment
>
> DEFAULT NAS-Features & 128, SQL-Group != "ADMINS", Auth-Type := Reject
> Reply-Message = "admins only"
>
> DEFAULT NAS-Features & 64
> Tunnel-Private-Group-Id = `%{sql:select vlan('%{NAS-IP-Address}',
> '%{User-Name}')}`
> Fall-Through = Yes
>
> DEFAULT NAS-Features & 32, Pool-Name := "something"
>
> ...and so on
>
Yes!!!
I didn't know FreeRADIUS supported bitwise operators! They're not
listed anywhere so I assumed you couldn't use them?!
Ohh, this makes things so much neater :)
Thanks Phil
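
The NAS-Features bitfield policy sketched in the quoted entries, modelled in Python as an added example that is not part of the thread and not FreeRADIUS code. It evaluates the three DEFAULT entries top to bottom with the Fall-Through behaviour shown; the flag names, the dict layout and the vlan_lookup stub are assumptions.

```python
# Added illustration of the quoted NAS-Features policy; not FreeRADIUS code.
# Flag names and vlan_lookup() are hypothetical; bit values come from the post.
from enum import IntFlag

class NasFeatures(IntFlag):
    IP_ASSIGN = 32     # "do IP assignment"
    VLAN_ASSIGN = 64   # "do vlan assignment"
    ADMIN_ONLY = 128   # "router, admins only"

def vlan_lookup(nas_ip, user):
    # Stand-in for the SQL vlan() call in the quoted entry (constructed value).
    return "100"

def _reject(req, res):
    res["reject"] = True
    res["reply"]["Reply-Message"] = "admins only"

def _vlan(req, res):
    res["reply"]["Tunnel-Private-Group-Id"] = vlan_lookup(
        req["NAS-IP-Address"], req["User-Name"])

def _pool(req, res):
    res["config"]["Pool-Name"] = "something"

# (mask, extra check item, action, fall_through), in the order given in the post.
ENTRIES = [
    (NasFeatures.ADMIN_ONLY, lambda r: r.get("SQL-Group") != "ADMINS", _reject, False),
    (NasFeatures.VLAN_ASSIGN, lambda r: True, _vlan, True),
    (NasFeatures.IP_ASSIGN, lambda r: True, _pool, False),
]

def evaluate(request):
    """Return the reject flag plus reply/config items for one request."""
    result = {"reject": False, "reply": {}, "config": {}}
    features = int(request.get("NAS-Features", 0))  # missing attribute: no bits set
    for mask, extra, action, fall_through in ENTRIES:
        # A mask test is true when any masked bit is set, not when values are equal.
        if not (features & mask) or not extra(request):
            continue
        action(request, result)
        if not fall_through:
            break  # the first matching entry without Fall-Through ends processing
    return result

if __name__ == "__main__":
    # Constructed sample request: router that also does VLAN assignment.
    req = {"NAS-Features": 192, "SQL-Group": "STAFF",
           "NAS-IP-Address": "192.0.2.10", "User-Name": "alice"}
    print(evaluate(req))
```

Because the admins-only entry comes first and has no Fall-Through, a non-admin on a NAS with bit 128 set is rejected before any VLAN or pool item is added.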