MAC based Vlan problem
Alan DeKok
aland at deployingradius.com
Fri Mar 19 15:59:31 CET 2010
Dr.Peer-Joachim Koch wrote:
> Hi,
>
> we're using freeradius to switch different computers into various
> vlans on our switches. We have had a working configuration for
> freeradius 1.x, but for 2.1.6 (running on SLES) this configuration is
> working differently.
> We're including a file looking like this:
> -------------------
> # VLAN 14
> #
> #
> DEFAULT
>     Tunnel-Private-Group-ID = 14,
>     Foundry-802_1x-enable = 0,
>     Fall-Through = 1
> #
> aaabbbcccddd User-Password == "aaabbbcccddd"
Change this to: Cleartext-Password := "...."
If you run the server in debugging mode, it will print a message
saying you need to do this.
> # VLAN 15
> #
> #
> DEFAULT
>     Tunnel-Private-Group-ID = 15,
>     Foundry-802_1x-enable = 0,
>     Fall-Through = 1
> #
> bbbcccdddaaa User-Password == "bbbcccdddaaa"
Fix this, too.
> On the new freeradius *all* valid mac addresses are
> getting the vlan Tunnel-Private-Group-ID from the
> first statement. All other vlan id's are ignored.
That's pretty much what the "users" file says to do. See "man users".
What you want is to use the ":=" operator in the section section. Maybe.
> The advantage was, to group all mac according to the vlan-id.
But you're not doing that. What I *think* you want is "mac list A in
vlan A", and "mac list B in vlan B".
> Is there a way to group the mac addresses with one header ?
See "man rlm_passwd" for a way to create groups of arbitrary objects.
Alan DeKok.
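
The behaviour discussed in this thread, as an added example (not code from the post or from FreeRADIUS): a simplified model of the "users" file walk that applies the "=" and ":=" reply-item rules from "man users". The function names are hypothetical, entries match on User-Name or DEFAULT only (password checking is not modelled), and the sample file is constructed to mirror the quoted layout.

```python
# Simplified model of "users" file processing; added illustration, not FreeRADIUS code.

def parse_users(text):
    # Returns [(name, [(attr, op, value), ...]), ...] in file order.
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():        # unindented line starts a new entry
            entries.append((line.split()[0], []))
        else:                            # indented lines carry reply items
            entries[-1][1].extend(tuple(i.split()) for i in line.split(",") if i.strip())
    return entries

def reply_for(entries, user_name):
    # Walk entries top to bottom and build the reply list for user_name.
    reply = {}
    for name, items in entries:
        if name not in ("DEFAULT", user_name):
            continue
        fall_through = False
        for attr, op, value in items:
            if attr == "Fall-Through":
                fall_through = value.lower() in ("1", "yes")
            elif op == ":=" or attr not in reply:
                reply[attr] = value      # "=" adds only if absent, ":=" replaces
        if not fall_through:
            break                        # a match without Fall-Through ends the walk
    return reply

def vlan(text, mac):
    return reply_for(parse_users(text), mac).get("Tunnel-Private-Group-ID")

# Constructed sample mirroring the layout quoted in the thread.
ORIGINAL = """
DEFAULT
    Tunnel-Private-Group-ID = 14,
    Fall-Through = 1
aaabbbcccddd Cleartext-Password := "aaabbbcccddd"
DEFAULT
    Tunnel-Private-Group-ID = 15,
    Fall-Through = 1
bbbcccdddaaa Cleartext-Password := "bbbcccdddaaa"
"""
FIXED = ORIGINAL.replace("ID = 15", "ID := 15")   # ":=" in the second DEFAULT entry

if __name__ == "__main__":
    for label, text in (("original", ORIGINAL), ("with :=", FIXED)):
        print(label, {m: vlan(text, m) for m in ("aaabbbcccddd", "bbbcccdddaaa")})
```

In the original layout both MACs end up with VLAN 14, because the second "=" cannot overwrite the value set by the first DEFAULT; with ":=" the second MAC gets 15 while the first still stops at its own entry with 14.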