dynamic VLANs for many switches

Alexander Clouter alex at digriz.org.uk
Thu Jun 10 14:37:29 CEST 2010

PENZ Robert <ROBERT.PENZ at tirol.gv.at> wrote:
> We've a quite big network and I want to assign VLANs dynamically based 
> on the MAC address, as backend I want to use a SQL database.  My 
> problem now is that the VLAN IDs on different access switch stacks 
> (used Layer2 switches) are different for the same network area, e.g. 
> on switch1 vlan 123 is used for printers and on switch2 vlan124 is 
> used for printers. The reason for this is the Layer3 switch (which we 
> use as a distribution switch of the building) needs to be part of all 
> VLANs and we can't use one VLAN for a building as the subnet would get 
> too big.  Another requirement is that a device can roam between 
> different access switches (= floors and buildings), so the VLAN the 
> switch port should get set needs to be different, based on which 
> switch is making the request.
> This problem is easily solvable if I can use VLAN names in 
> Tunnel-Private-Group-ID tags, as I would set the name always e.g. to 
> printervlan. But in RFC 3580 it is written:
>   Note that the VLANID is 12-bits, taking a value between 1 and 4094,
>   inclusive.  Since the Tunnel-Private-Group-ID is of type String as
>   defined in [RFC2868], for use with IEEE 802.1X, the VLANID integer
>   value is encoded as a string.
> So what is the recommended solution if I can use only the numerical 
> IDs? Thx for your help!

This is not a FreeRADIUS question, it is a NAS question and whether your 
NAS supports VLAN *names* rather than just numbers.

For the record, Cisco switches do support the use of names (if you have 
put it in your VLAN database), and their thick and thin APs do too.  
YMMV with other venduhs though.

To be honest, the time it took you to send this email, you could have 
actually tested it on your equipment...*sigh*.


Alexander Clouter
.sigmonster says: Snow Day -- stay home.
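
For the numeric-ID case raised in the question, one way to keep a single role name per device and resolve it to each switch's own VLAN ID at lookup time. This is an added example, not code from either poster or from FreeRADIUS; the table names, role name, switch addresses and MAC are constructed, and an in-memory SQLite database stands in for the SQL backend.

```python
import re
import sqlite3

# Constructed sample data: table names, role, switch IPs and MAC are hypothetical.
SCHEMA = """
CREATE TABLE mac_role (mac TEXT PRIMARY KEY, role TEXT NOT NULL);
CREATE TABLE nas_vlan (nas_ip TEXT, role TEXT,
                       vlan_id INTEGER NOT NULL
                       CHECK (vlan_id BETWEEN 1 AND 4094),  -- 12-bit VLANID range
                       PRIMARY KEY (nas_ip, role));
INSERT INTO mac_role VALUES ('001122334455', 'printervlan');
INSERT INTO nas_vlan VALUES ('192.0.2.1', 'printervlan', 123),
                            ('192.0.2.2', 'printervlan', 124);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def normalize_mac(calling_station_id):
    """Reduce 00-11-.., 00:11:.. and 0011.2233.4455 forms to 12 lowercase hex digits."""
    mac = re.sub(r"[-:.]", "", calling_station_id.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", mac):
        raise ValueError("not a MAC address")
    return mac

def vlan_reply(db, calling_station_id, nas_ip):
    """Return RFC 3580 tunnel attributes, or None when there is no mapping.

    None means "do not assign a VLAN"; the caller decides whether that is a
    reject or a quarantine VLAN. Unknown MACs and unknown switches fail closed.
    """
    try:
        mac = normalize_mac(calling_station_id)
    except ValueError:
        return None
    row = db.execute(
        "SELECT v.vlan_id FROM mac_role m "
        "JOIN nas_vlan v ON v.role = m.role "
        "WHERE m.mac = ? AND v.nas_ip = ?", (mac, nas_ip)).fetchone()
    if row is None:
        return None
    return {
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-ID": str(row[0]),  # VLANID integer encoded as a string
    }
```

The same MAC gets VLAN 123 from one switch and 124 from the other because the requesting switch's address is part of the lookup key.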
