Dynamic VLAN and FreeRadius

Alan DeKok aland at deployingradius.com
Thu May 22 17:01:02 CEST 2008

Joel MBA OYONE wrote:
>>  No.  VLAN assignment is after SSID association, and after 802.1x
>> authentication.
> OK, is it possible to associate in SSID_1 and be assigned to a different
> VLAN than the we are associated in ?

  That doesn't make sense.  SSID's aren't tied to VLANs, unless you
configure them that way.

> (exemple, when i am associated to
> SSID_1, which belongs to VLAN100,

  No... SSID's have nothing to do with VLAN's.

> RADIUS sends me
> "Tunnel-Private-Group-ID = 200", which belongs to another SSID, what
> would happen and would authentication process success?)

  Read your NAS documentation to see how to do VLAN assignment, and how
it interacts with SSID's.

> - if i am assigned to another couple of SSID/VLAN than the one i am
> connected now by RADIUS, would authentication process restart at the
> beginning?

  Stop talking about "SSID/VLAN".  They are separate things.

  When you do VLAN assignment with RADIUS, you do NOT need to

> - is it possible to do EAP-TLS, EAP-PEAP and EAP-MD5 without the use of
> 802.1x when RADIUS is the authentication Server for a supplicant?

  What does that mean?

  Alan DeKok.

More information about the Freeradius-Users mailing list