How to assign vlan / manage different user groups

schilling schilling2006 at gmail.com
Tue Apr 5 16:42:26 CEST 2011


We are using wlan - freeradius - ldap too.
In the freeradius, you check ldap whether username is in student or
nonstudent group, then you need to send back either
IETF 64 65 81 or some vendor specific attributes

On the WLAN controller, you then either use the IETF 64 65 81 or
vendor specific attributes to drop the user session in the VLAN.

Schilling



On Tue, Apr 5, 2011 at 9:07 AM, Götz Reinicke - IT-Koordinator
<goetz.reinicke at filmakademie.de> wrote:
> Hi,
>
> may be someone can point me into the right direction:
>
> we do have a new wlan - freeradius - ldap setup and want to assign two
> main usergroups to two main wlans.
>
> Each wlan has an own vlan.
>
> We use cisco switches and APs and got a wlan controller.
>
> So far we do have different SSIDs and all users can access both WLANs
> with their username/password stored in our ldap.
>
> Now we'd like students only to be able to access the students WLAN and
> employees to access there WLAN.
>
> My question: Where is the point to start to configure such a setup?
>
> I think, somewhere there must be some sort of check if the user
> assceesing the e.g. student wlan is in the primary posixgroup student.
>
> Or do I have to 'send' the VLAN ID to the network devices?
>
>
> Thanks for any hint and best regards
>
>        Götz Reinicke
> --
> Götz Reinicke
> IT-Koordinator
>
> Tel. +49 7141 969 420
> Fax  +49 7141 969 55 420
> E-Mail goetz.reinicke at filmakademie.de
>
> Filmakademie Baden-Württemberg GmbH
> Akademiehof 10
> 71638 Ludwigsburg
> www.filmakademie.de
>
> Eintragung Amtsgericht Stuttgart HRB 205016
> Vorsitzende des Aufsichtsrats:
> Prof. Dr. Claudia Hübner
>
> Geschäftsführer:
> Prof. Thomas Schadt
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>




More information about the Freeradius-Users mailing list