Using freeradius and 802.1x for dynamic VLAN

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Mon Oct 15 23:57:45 CEST 2007


Hi,

> carlos     User-Password == "carlos"
>         Service-Type = Framed-User,
>         Tunnel-Type = VLAN,
>         Tunnel-Medium-Type = IEEE-802,
>         Tunnel-Private-Group-Id = 2
> 
> saul    User-Password == "saul"
>         Service-Type = Framed-User,
>         Tunnel-Type = VLAN,
>         Tunnel-Medium-Type = IEEE-802,
>         Tunnel-Private-Group-ID = 4
> 
> +++++++++++++++++++++++++++++++++++++++++++++
> 
> Now the problem is this: the PC client (Windows XP) is connected to
> port 17, so it is included in VLAN 4. When I enter the user
> carlos and his password carlos, it shouldn't authenticate because this
> user is assigned to VLAN 2. But the problem is that the user is
> authenticated and has access to VLAN 4.
> 
> My conclusion is that: Tunnel-Type = VLAN,
>                        Tunnel-Medium-Type = IEEE-802,
>                        Tunnel-Private-Group-Id = 2
> don't work.

err, no. not at all. with the config that you have posted what you are saying
is 'if the user is Carlos and the password is correct then set the vlan to be 2'

you certainly aren't checking that the VLAN is 2 - and if it isn't then fail
the authentication. i can understand what you are trying to do...but to do THAT sort of
thing you will need to use checking attributes, not setting attributes.

you should find that the port which carlos is attached to is being put onto
VLAN 2 if the config is correct.

alan
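
The distinction drawn in the reply, as an added example (not part of the original thread and not FreeRADIUS code): a simplified Python model of users-file matching, in which first-line items are compared with the request and indented items are only returned in the reply. The `NAS-Port == 3` check item and the request values are constructed, and the model assumes the switch reports the physical port number in `NAS-Port`.

```python
# Simplified model of FreeRADIUS "users" file matching (not FreeRADIUS code).
# First line of an entry: user name + check items (compared with the request).
# Indented lines: reply items (sent back to the switch on Access-Accept).

def parse_users(text):
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():                  # continuation line => reply item
            attr, value = line.strip().rstrip(",").split(" = ", 1)
            entries[-1]["reply"][attr] = value
        else:                                  # new entry => check items
            name, rest = line.split(None, 1)
            checks = {}
            for item in rest.split(","):
                attr, value = item.split("==", 1)
                checks[attr.strip()] = value.strip().strip('"')
            entries.append({"name": name, "check": checks, "reply": {}})
    return entries

def authorize(entries, request):
    for e in entries:
        if e["name"] != request["User-Name"]:
            continue
        # Only check items can cause a mismatch; reply items are never compared.
        if all(request.get(a) == v for a, v in e["check"].items()):
            return "Access-Accept", e["reply"]
    return "Access-Reject", {}

AS_POSTED = '''
carlos  User-Password == "carlos"
        Service-Type = Framed-User,
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = 2
'''
# Constructed variant: carlos may only log in on port 3 (hypothetical port).
WITH_CHECK = AS_POSTED.replace('== "carlos"', '== "carlos", NAS-Port == 3')

# Constructed request: carlos logging in from switch port 17.
REQUEST = {"User-Name": "carlos", "User-Password": "carlos", "NAS-Port": "17"}

def demo():
    return (authorize(parse_users(AS_POSTED), REQUEST),
            authorize(parse_users(WITH_CHECK), REQUEST))

if __name__ == "__main__":
    for result in demo():
        print(result)
```

With the entry as posted, the request from port 17 is accepted and the reply tells the switch to use VLAN 2; only the variant with a check item on the first line rejects it.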



More information about the Freeradius-Users mailing list