Best way to select multiple NAS-Port-Ids

Alan DeKok aland at deployingradius.com
Thu Apr 25 14:54:56 CEST 2013


Franks Andy (RLZ) IT Systems Engineer wrote:
>   I have a hopefully fairly straightforward question. We have a network
> switch, a ProCurve 5406, that we’re doing MAC-based port authentication
> on. The switch sends RADIUS attributes including the NAS-Port-ID. I want
> to be able to reply with tagged and untagged VLANs for the ports once
> authenticated, but the combination depends on the port. Lots of ports
> will likely have the same setup though, so I’d like to do something (I
> guess in the users file) like
> 
> DEFAULT NAS-Port-ID == 1-12,

  That doesn't really work...

> This would work ok, but the ports are named modularly, i.e. A1, A2 etc,
> up to usually F24 max, not just numerically. What’s the most elegant way
> of doing this?

  Badly.  There's really no good solution to this.

> I could do a wildcard match, but I think I’ve seen
> incompatibilities mentioned with possibly CHAP, which is what I’m using.
> Could have that wrong though. Is there a better way?

  Nope.  Regular expression matches are probably the simplest way of
doing it.

  Alan DeKok.
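
The regular-expression approach suggested in the reply, as an added example that is not part of the original message or of FreeRADIUS: a Python helper that turns port ranges in the A1 to F24 naming scheme into anchored patterns, checks them against every port, and prints `users`-file check lines using the `=~` operator. The group names and ranges are constructed, and the patterns are assumed to be read by the server as POSIX extended regular expressions (only `^ $ ( ) |` are used).

```python
import re

MODULES, MAX_PORT = "ABCDEF", 24  # page: ports are named A1 .. F24

# Constructed port groups (hypothetical profile names and ranges).
GROUPS = {
    "voice_and_data": ["A1-A12", "B1-B12"],
    "printers": ["A13-A24"],
}

def range_to_regex(spec):
    """Turn 'A1-A12' into 'A(1|2|...|12)', listing every port number."""
    m = re.fullmatch(r"([A-F])(\d+)-\1(\d+)", spec)
    if not m:
        raise ValueError(f"bad range: {spec}")
    lo, hi = int(m.group(2)), int(m.group(3))
    if not 1 <= lo <= hi <= MAX_PORT:
        raise ValueError(f"out of bounds: {spec}")
    return m.group(1) + "(" + "|".join(str(n) for n in range(lo, hi + 1)) + ")"

def group_regex(specs, anchored=True):
    """Join ranges into one pattern; anchoring stops 'A1' matching 'A10'."""
    body = "|".join(range_to_regex(s) for s in specs)
    return f"^({body})$" if anchored else body

def ports_matching(pattern):
    """List every switch port name the pattern matches."""
    all_ports = [f"{m}{n}" for m in MODULES for n in range(1, MAX_PORT + 1)]
    return [p for p in all_ports if re.search(pattern, p)]

def audit(groups):
    """Return (port, first_group, second_group) for ports claimed twice."""
    seen, clashes = {}, []
    for name, specs in groups.items():
        for port in ports_matching(group_regex(specs)):
            if port in seen:
                clashes.append((port, seen[port], name))
            seen[port] = name
    return clashes

def users_check_lines(groups):
    """Map each group name to its users-file check line (reply items omitted)."""
    return {n: f'DEFAULT NAS-Port-Id =~ "{group_regex(s)}"' for n, s in groups.items()}

if __name__ == "__main__":
    assert not audit(GROUPS), "a port matches more than one group"
    for name, line in users_check_lines(GROUPS).items():
        print(f"# {name}\n{line}")
```

Without the `^` and `$` anchors, the pattern for A1-A2 also matches A10 through A24, so those ports would receive the wrong VLAN assignment.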

