VLAN ID based on VSAs
Stefano Zanmarchi
zanmarchi at gmail.com
Mon Mar 5 10:38:11 CET 2012
Hi,
my first post here, a newbie question, thanks for your help.
I'm going to set up two freeradius servers (2.1.7 on RHEL 5.5).
ServerB will be connected to an AP and I want it to proxy all EAP
requests to serverA (TTLS-PAP
will be the only method accepted) which will do authentication using
an OpenLDAP backend.
My question:
I'd like to configure serverA to include in the Access-Accept packet
some AVPs which are specific
to my Organization, like department_name, employee_role (I believe
these are the so called VSAs),
and I'd like serverB to perform some if-then-else logic on these VSAs
to dinamically calculate the
VLAN-ID to return to the AP.
Is this possible (in a simple way)? Is it a common set up?
Thanks,
Stefano
More information about the Freeradius-Users
mailing list