Dynamic VLAN and FreeRadius

Joel MBA OYONE mba_oyone at yahoo.fr
Thu May 22 17:49:50 CEST 2008


Alan, 

I possess a device from D-Link (DWS-3024). It is a wireless switch controller, and the documentation says that:
 - One SSID has to be assigned to one VLAN in the profile.
 - An access point can be configured with up to 8 different SSIDs, and it is possible to assign each SSID to its own network (below is a link which shows you the config page) or all SSIDs to the same network. Maybe I didn't read it correctly, so here is the link (see pages 89-90 and maybe 91 too): ftp://ftp.dlink.fr/DWS/DWS-3024/Manuel/DWS-3000_Series_User_Manual_v2.00.pdf

I asked you about SSIDs/VLANs because all my APs (about 30) will receive the same profile, and the profile will have 3 different SSIDs with different security access levels and networks from the wireless switch.

For example, in the same room, associated to the same AP, students and teachers will connect to different SSIDs coming from that same AP, and some will have to authenticate via EAP-PEAP, others will require EAP-TLS.

This other short file explains point by point what my config is and what I am trying to do:
ftp://ftp.dlink.fr/DWS/DWS-3024/QIG/QIG_DWS-3024_WPA2.pdf
Read it and maybe you could understand me.


Regards


Joel MBA OYONE wrote:
>>  No.  VLAN assignment is after SSID association, and after 802.1x
>> authentication.
> 
> OK, is it possible to associate in SSID_1 and be assigned to a different
> VLAN than the one we are associated in?

  That doesn't make sense.  SSID's aren't tied to VLANs, unless you
configure them that way.

> (example, when I am associated to
> SSID_1, which belongs to VLAN100,

  No... SSID's have nothing to do with VLAN's.

> RADIUS sends me
> "Tunnel-Private-Group-ID = 200", which belongs to another SSID, what
> would happen and would the authentication process succeed?)

  Read your NAS documentation to see how to do VLAN assignment, and how
it interacts with SSID's.

> - if I am assigned to another SSID/VLAN pair than the one I am
> connected to now by RADIUS, would the authentication process restart at the
> beginning?

  Stop talking about "SSID/VLAN".  They are separate things.

  When you do VLAN assignment with RADIUS, you do NOT need to
re-authenticate.

> - is it possible to do EAP-TLS, EAP-PEAP and EAP-MD5 without the use of
> 802.1x when RADIUS is the authentication Server for a supplicant?

  What does that mean?

  Alan DeKok.
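
Added example (not part of either poster's message, and not FreeRADIUS or D-Link code): a Python sketch of how a NAS could read the VLAN assignment discussed above out of the attributes of a RADIUS Access-Accept, using the RFC 2868 tunnel attribute layout and the RFC 3580 values (Tunnel-Type 13, Tunnel-Medium-Type 6). The function names and the sample bytes are constructed for illustration, and only numeric VLAN IDs whose three attributes share one tag are accepted.

```python
# RADIUS attribute type codes (RFC 2868) and the values RFC 3580 uses for VLANs
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TUNNEL_TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6

def attr(code, value):
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([code, len(value) + 2]) + value

def parse_attrs(buf):
    """Yield (type, value) pairs from the attribute section of a RADIUS packet."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated attribute header")
        code, length = buf[i], buf[i + 1]
        if length < 2 or i + length > len(buf):
            raise ValueError("bad attribute length")
        yield code, buf[i + 2:i + length]
        i += length

def vlan_from_accept(buf):
    """Return the VLAN ID an Access-Accept assigns, or None if it assigns none."""
    tunnels = {}  # tag -> {attribute type: value}
    for code, val in parse_attrs(buf):
        if code in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if len(val) != 4:
                raise ValueError("tunnel attribute must be tag + 3 octets")
            tunnels.setdefault(val[0], {})[code] = int.from_bytes(val[1:], "big")
        elif code == TUNNEL_PRIVATE_GROUP_ID and val:
            # First octet is a tag only if <= 0x1F, else it starts the string
            tag, text = (val[0], val[1:]) if val[0] <= 0x1F else (0, val)
            tunnels.setdefault(tag, {})[code] = text.decode("ascii")
    for t in tunnels.values():
        if (t.get(TUNNEL_TYPE) == TUNNEL_TYPE_VLAN
                and t.get(TUNNEL_MEDIUM_TYPE) == MEDIUM_IEEE_802
                and TUNNEL_PRIVATE_GROUP_ID in t):
            vid = int(t[TUNNEL_PRIVATE_GROUP_ID])  # ValueError on a VLAN name
            if not 1 <= vid <= 4094:
                raise ValueError("VLAN ID out of range")
            return vid
    return None

# Constructed sample: untagged tunnel attributes assigning VLAN 200
SAMPLE = (attr(TUNNEL_TYPE, b"\x00" + (13).to_bytes(3, "big"))
          + attr(TUNNEL_MEDIUM_TYPE, b"\x00" + (6).to_bytes(3, "big"))
          + attr(TUNNEL_PRIVATE_GROUP_ID, b"200"))

if __name__ == "__main__":
    print(vlan_from_accept(SAMPLE))
```

Nothing in these attributes names an SSID; how the assigned VLAN interacts with the SSID the client associated to is decided by the NAS configuration.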