Radius+Ldap:Allow the same host in multiple vlans
Ramon Escriba
escriba at cells.es
Thu Sep 30 17:05:01 CEST 2010
Hi Alan,
Then does it possible to do a general match rule in huntgroups to lets say
"the 35 first ports belong to a vlan A" and the rest "36 to 48" to vlan B,or
not?
business NAS-IP-Address == 192.168.2.5, NAS-Port-Id == 1-35
IT NAS-IP-Address == 192.168.2.5, NAS-Port-Id == 36-48
Do I have to manually insert one by one? I've +2000 ports active, I hope do
not have to.... ;-)
I did a little change in huntgroups to check that:
XXX NAS-IP-Address == aaa.bbb.ccc.ddd, NAS-Port == 33-50
But without success.
/etc/raddb/huntgroups[77]: Parse error (check) for entry XXX: Unknown value
33-50 for attribute NAS-Port
Do I need some "ulang/whatever scripting" to make the "NAS-Port" matching
possible?
I saw "#business NAS-IP-Address == 192.168.2.5, NAS-Port-Id == 0-7"
and the like in many huntgroups examples
(including the freeradius hungroups file templates examples). Are they
wrong?
Thanks.
-----Original Message-----
From: freeradius-users-bounces+escriba=cells.es at lists.freeradius.org
[mailto:freeradius-users-bounces+escriba=cells.es at lists.freeradius.org] On
Behalf Of Alan DeKok
Sent: jueves, 30 de septiembre de 2010 15:53
To: FreeRadius users mailing list
Subject: Re: Radius+Ldap:Allow the same host in multiple vlans
Ramon Escriba wrote:
> By the way, in some of the cases the switch-ip, even switch+port, is
> the key, so huntgroups does the job but only partially.
>
> This works (original huntgroups example):
> #business NAS-IP-Address == 192.168.2.5, NAS-Port-Id == 1
>
> But not this:
> #business NAS-IP-Address == 192.168.2.5, NAS-Port-Id == 1-7
>
> Why?
NAS-Port-Id is a string, not an integer. NAS-Port is an integer.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list