Load-Balance VLAN assignment via unlang

Cotton, Jesse Jesse.Cotton at stockton.edu
Wed Jul 18 21:22:15 CEST 2012


Thanks for the reply, Scott. Not something I had considered; however, in our case it's not an issue since we aren't requiring clients to reauth. We are implementing this for our wired network. Our equipment, primarily Cisco 2960s, does support a "group vlan" for load-balancing client distribution; however, it's not as easy to manage as a few lines within the radius config.

-----Original Message-----
From: freeradius-users-bounces+jesse.cotton=stockton.edu at lists.freeradius.org [mailto:freeradius-users-bounces+jesse.cotton=stockton.edu at lists.freeradius.org] On Behalf Of Scott Armitage
Sent: Tuesday, July 17, 2012 8:29 AM
To: FreeRadius users mailing list
Subject: Re: Load-Balance VLAN assignment via unlang


On 17 Jul 2012, at 12:57, Cotton, Jesse wrote:

> Using FR as a central RADIUS server. One task it performs is dot1x auth. It forwards EAP requests to one of several home servers, which performs the auth and returns several attributes including Tunnel-Private-Group-Id. This attribute contains multiple values indicating one of several potential vlans a client can be put on. I would like to perform simple load balancing by selecting one of the vlans randomly. I have the following within the post-auth section. What am I doing wrong? I have tried several variations. I know the syntax is incorrect but Google has not been helpful. Thanks in advance.
>
> if("%{reply:Tunnel-Private-Group-Id[#]}" > 1){
>                update reply {
>                        Tunnel-Private-Group-Id := %{reply:Tunnel-Private-Group-Id[%{rand:%{reply:Tunnel-Private-Group-Id[#]}}]}
>                }
> }


Not a solution but some caveats. If you are randomly returning a vlan, you could have clients bouncing around vlans when they reauth. You may also achieve the same result using features in your wireless equipment. For example, if you have Cisco wireless you could use Vlan Select (and return the vlan select group from the radius server).


Scott Armitage
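
An added example, not part of either poster's message and not FreeRADIUS configuration: a Python model of the selection logic that contrasts the per-auth random pick asked about above with a pick keyed on the client MAC, which avoids the reauth bouncing raised in the reply. The VLAN IDs, the MAC addresses and all function names are constructed for illustration, and it assumes the client MAC is available (for example from Calling-Station-Id) and that the home server returns the same set of VLAN values on each auth.

```python
import hashlib
import random
from collections import Counter

# Constructed sample: three values a home server might return in
# Tunnel-Private-Group-Id (VLAN IDs are made up for this example).
VLANS = ["110", "120", "130"]


def normalize_mac(calling_station_id):
    """Reduce aa:bb.., AA-BB.. and aabb.ccdd.eeff forms to 12 hex digits."""
    digits = "".join(c for c in calling_station_id.lower()
                     if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % calling_station_id)
    return digits


def pick_random(vlans, rng=random):
    """What the post asks for: a fresh random choice on every auth."""
    if not vlans:
        raise ValueError("no VLAN values in reply")
    return rng.choice(vlans)


def pick_stable(vlans, calling_station_id):
    """Hash the client MAC so the same client always gets the same VLAN."""
    if not vlans:
        raise ValueError("no VLAN values in reply")
    ordered = sorted(vlans)  # ignore the order the values arrived in
    digest = hashlib.sha256(normalize_mac(calling_station_id).encode()).digest()
    return ordered[int.from_bytes(digest[:8], "big") % len(ordered)]


def reauth_history(picker, count):
    """Return the set of VLANs one client lands on across `count` auths."""
    return {picker() for _ in range(count)}


def spread(vlans, client_count):
    """Count stable assignments over constructed MACs 00:11:22:xx:xx:xx."""
    macs = ("001122%06x" % i for i in range(client_count))
    return Counter(pick_stable(vlans, m) for m in macs)


if __name__ == "__main__":
    mac = "00-11-22-AA-BB-CC"  # constructed client MAC
    print("random:", reauth_history(lambda: pick_random(VLANS), 20))
    print("stable:", reauth_history(lambda: pick_stable(VLANS, mac), 20))
    print("spread:", dict(spread(VLANS, 3000)))
```

The stable pick only stays stable while the set of VLAN values is unchanged; adding or removing a VLAN reshuffles most clients.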

