WLAN SSID:

Helmut Tröbs Helmut.Troebs at lrz.de
Wed Aug 18 14:12:55 CEST 2010 

Hello,

i think it can be done in many ways.
 e.g. manage it with a external script:


sites-enabled/default:

  post-auth {
	if ( Colubris-AVPair == "ssid=guest-wlan" ) {
		setvlan
	}
  }

module/setvlan:

exec setvlan {
        wait = yes
        program = ".../setvlan"
        input_pairs = request
        output_pairs = reply
        shell_escape = yes
}

.../setvlan:

#!/usr/bin/perl
$vlan = "vlan-id=111";
print "Colubris-AVPair = $vlan";


regards

Helmut Troebs

> I configured freeradius to authenticate my WLAN Clients over Active
> Directory. Depending on the Group Membership. Also i configured multiple
> SSIDs on my WLAN switch, so a client request in freeradis debug output
> includes the following Attributes:
> 
> rad_recv: Access-Request packet from host 172.21.254.100 port 32775,
> id=40, length=402
>         Acct-Multi-Session-Id =
> "00-0F-61-50-B7-B0-00-21-5C-40-BD-77-4C-6B-A5-8B-00-04-72-98"
>         Acct-Session-Id = "4295d4b3-00000118"
>         NAS-Port = 275
>         NAS-Port-Type = Wireless-802.11
>         NAS-Identifier = "msm710"
>         NAS-IP-Address = 172.21.254.101
>         Framed-MTU = 1496
>         User-Name = "myDomain\\myUser"
>         Calling-Station-Id = "00-21-5C-40-BD-77"
>         Called-Station-Id = "00-0F-61-50-B7-B0"
>         Service-Type = Framed-User
>         EAP-Message =
> 0x0277002d1900170301002293ed3bcfbb751eb66e4c737a442b8a2cf55f4a7812bfc8829d4a00049e221bce4309
> 
>         State = 0x50052ead557237c49cf458a2fbedd583
>         Colubris-AVPair = "ssid=guest-wlan"
>         Colubris-AVPair = "incoming-vlan-id=152"
>         Colubris-AVPair = "group=internal"
>         Colubris-AVPair = "vsc-unique-id=1"
>         Colubris-AVPair = "phytype=IEEE802dot11g"
>         Colubris-Attr-250 = 0x00000002
>         Colubris-Attr-249 = 0xac157909
>         Message-Authenticator = 0x8d9162f11111ae7f047641224f07213a
> 
> My goal is to move authorized users depending on the SSID to a different
> VLAN, i tried the following in the "hints" file, but that does not work,
> can somebody help me?
> 
> DEFAULT Colubris-AVPair =~ ".*guest-wlan.*"
>         Reply-Message = "Hints",
>         Framed-Protocol = "PPP",
>         Service-Type = "Framed",
>         Tunnel-Type := "VLAN",
>         Tunnel-Medium-Type := "IEEE-802",
>         Tunnel-Private-Group-Id := "120"
> 
> I Expected that the Attributes set in the "hints" file and the ones set
> in the "users" file are merged in the reply from freeradius, but that
> seems not so.
> 
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list