Virtual server by client data

Fajar A. Nugraha list at
Wed Aug 29 11:15:14 CEST 2012

On Wed, Aug 29, 2012 at 3:46 PM, BILLOT
<emmanuel.billot at> wrote:

>> (2) If the request is plain PAP/MSCHAP, you should be able to tell the
>> default virtual server to proxy it to another virtual server using
>> unlang and Proxy-To-Realm
> It is. (EAP/TTLS with PAP) I can't see what you mean here.

proxy.conf says

        #       If you specify a virtual_server here, then requests
        #       will be proxied internally to that virtual server.
        #       These requests CANNOT be proxied again, however.

I'm not sure if EAP/TTLS's use of inner-tunnel qualifies as "proxied
again". I assume it is.

I might be wrong though, in which case you can try

if ( check_whatever_attribute_your_NAS_sends_that_contains_client_VLAN ) {
                update control {
                        Proxy-To-Realm := "realm_of_the_virtual_server"

>> (3) use the same virtual server, but do selective processing (with
>> unlang) based on some attributes that the NAS sends. e.g. if an
>> attribute has value A, call module sql1, while if the value is B, call
>> module sql2.
> This is a way but i'd like to use 2 differents config (config should change
> in futur for each vlan)

IMHO this is the best method, which should be sufficient for most needs.


More information about the Freeradius-Users mailing list