IPs will not be assigned
Phil Mayers
p.mayers at imperial.ac.uk
Fri Apr 29 16:24:23 CEST 2011
On 04/29/2011 01:30 PM, subcode wrote:
> Hi Phil,
> thank you for your answer, but my AP don't supported vlan assignment. It's a
Agh, sorry. What I meant to say was:
"IP assignment on wireless networks is with DHCP, not Radius"
> simple Vodafone EasyBox803 Router and I use it only as Access Point. Do you
> know another way to make that? I describe you what i want to do.
>
> My goal is that, when some customer buy a coffee, he recive an Account with
> User and Password.
> Users are assigned to a Group with Permissions (Low, Mi, Hi). Low Permission
> is HTTP/s Access, Mi is Low+FTP/s+IMAP/s and Hi is all Protocols. So, Low
> Group should have IP-Range 192.168.1.0/24, Mi IP-Range 192.168.2.0/24 and Hi
> 192.168.3.0/24.
As above: you must use DHCP for IP assignment, and DHCP normally keys
off a combination of the source network, and client ethernet address.
Choices are:
a. record/register the clients ethernet address (tedious and error-prone)
b. when a username authenticates, extract the ethernet address and
send it to the DHCP server (not easy)
c. use vlan assignment; then the DHCP server just hands out IPs
per-vlan (you can't do this)
d. don't use IP address for filtering; instead, set the ACL in the
radius reply (maybe your NAS can do this)
As Alex has noted, FreeRADIUS does contain support for also being a DHCP
server. You could in theory use this to achieve option b. - "sending" in
this case would just involve some kind of database which both the 802.1x
and DHCP bits of FreeRADIUS use. I don't know of any recipes for this
however.
More information about the Freeradius-Users
mailing list