Rules in policy.conf

[Martin Silvero]

for example in the policy file type:

 permit_only_eap {
                if (Calling-Station-Id==001f.3c22.674a) {
                       ...

                  here, depending on the mac, is due to the user a  VLAN
                }

this would be after the auntenticacion for PEAP-MSCHAPv2 with username
and password.


the idea is to authenticate users with LDAP, but once authenticated
check your Calling-Station-Id, and depends on the mac is due to a
specified VLAN