Freeradius + DHCP +vlans ???
tnt at kalik.co.yu
tnt at kalik.co.yu
Thu Jul 26 15:09:27 CEST 2007
Are you sure? Type:
ip dhcp pool whatever(pool name)
in configuration mode and you should go into dhcp pool configuration. You
should be able to configure IP range (network), gateway
(derfault-router) and DNS (dns-server) from there. I am sure dhcp is
included in IOS.
Ivan Kalik
Kalik Informatika ISP
Dana 26/7/2007, "George Beitis" <george.beitis at gmail.com> piše:
>Hey Ivan
>no i dont have to use an external one, but it seems like the only choice
>as the Aironet 1200 access point does not come with one bundled it,
>which would have made my life easier, but on the other hand it wouldn't
>be extensible or simulate a real life case
>
>thanks for your reply
>regards
>George
>
>tnt at kalik.co.yu wrote:
>> Do you have to use an external DHCP server (project requirement)? Aironet
>> has one (Cisco IOS). You can define DHCP pools on the AP and pass avpair
>> for the pool with your vlan configuration from Freeradius. You can also
>> do away withDHCP, define ip_pools in Freeradius and pass addresses, DNS
>> etc. with vlan configuration directly from radius.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>>
>> Dana 26/7/2007, "George Beitis" <george.beitis at gmail.com> piše:
>>
>>
>>> Dear Phil
>>> Firstly thank you for taking the time to reply and for your straight
>>> forward reply to this matter. I 'm doing this as part of my MSc
>>> project, well this is actually part of the initial setup, not the
>>> project it self, and i have in my disposal a limited number of
>>> devices. I borrowed a cisco aeronet 1200 access point from my
>>> department, which supports vlans and i also have a linksys router
>>> (wrt54gl) (which i will use as a switch) and i have an old computer with
>>> one ethernet card which i intend to install freeradius on and a dhcp
>>> server. From there on i might add some more devices each belonging to a
>>> different vlan.
>>>
>>> My thinking from what you said is to setup the vlans/tunnels on the
>>> access point, setup freeradius and then run a dhcp server on the old
>>> computer. If i want to add the dhcp server to many virtual lans do i
>>> need to create some sort of virtual interface for each? Or does the
>>> router need to be aware of where to forward dhcp packets coming from
>>> different vlans?
>>>
>>> thank you for your help
>>>
>>> regards
>>> George
>>>
>>> Phil Mayers wrote:
>>>
>>>> On Thu, 2007-07-26 at 02:00 +0100, George Beitis wrote:
>>>>
>>>>
>>>>> Hey guys
>>>>> I am a bit new to the scene and i am having a few problems with
>>>>> configuring freeradius. In essence what i want is that the user, once
>>>>> verified to be assigned to a specific vlan and get an ip address from a
>>>>> dhcp server, which will be aware of the vlans and there for assign
>>>>> different address and subnets to each. Does this scenario make any
>>>>>
>>>>>
>>>> yes
>>>>
>>>>
>>>>
>>>>> sense? Will it be the freeradius server that will be notifying the dhcp
>>>>> server to aquire an address for the client? Will the dhcp server then
>>>>>
>>>>>
>>>> No
>>>>
>>>>
>>>>
>>>>> contact the access point to let it know what address the client has been
>>>>> given and it in its turn give it to the client? Or will it be that the
>>>>>
>>>>>
>>>> No
>>>>
>>>>
>>>>
>>>>> access point will contact the dhcp server once it has the reply from the
>>>>> freeradius server, giving it the vlan id/number and requesting an ip
>>>>> address and other info?
>>>>>
>>>>>
>>>> No
>>>>
>>>> The way it works is:
>>>>
>>>> 1. Client does either 802.1x
>>>> 2. Access point forwards authentication to radius server
>>>> 3. Multiple 802.1x round-trips between client and radius server, via AP
>>>> 4. When authentication is complete, the radius server returns an
>>>> Access-Accept with the vlan tag
>>>> 5. Access point reads the vlan tag, assigns it
>>>> 6. Client brings up it's IP stack, and emits a DHCP DISCOVER
>>>> 7. AP forwards the clients packet into the vlan at layer2
>>>> 8. The vlan/subnet router forwards the DHCP DISCOVER to the DHCP server
>>>> 9. DHCP server assigns an IP address based on source subnet & mac
>>>> address
>>>>
>>>> There's no interaction between DHCP and Radius, no interaction between a
>>>> layer2 access point and DHCP (possibly dhcp option-82 insertion), and no
>>>> real interaction with a layer2 access point and any IP protocol.
>>>>
>>>> Basically - you just configure the AP with >1 vlan, configure a router
>>>> for each VLAN with dhcp relay enabled, and configure the radius server
>>>> to tell the AP the right vlan number.
>>>>
>>>> BEWARE: not all APs support vlan assignment.
>>>>
>>>>
>>>>
>>>>
>>>>> Is this the right or wrong way of going about this?
>>>>>
>>>>> regards
>>>>> George
>>>>> -
>>>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
>>>>>
>>>>>
>>>> -
>>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>>>
>>>>
>>>>
>>>>
>>> -
>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
>>>
>>>
>>>
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>>
>>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list