Best way to select multiple NAS-Port-Ids

Arran Cudbard-Bell a.cudbardb at freeradius.org
Thu Apr 25 16:37:50 CEST 2013


On 25 Apr 2013, at 08:54, Alan DeKok <aland at DEPLOYINGRADIUS.COM> wrote:

> Franks Andy (RLZ) IT Systems Engineer wrote:
>>  I have a hopefully fairly straightforward question. We have a network
>> switch, a procurve 5406 that we’re doing mac based port authentication
>> on. The switch sends radius attributes including the NAS-Port-ID. I want
>> to be able to reply with tagged and untagged vlans for the ports once
>> authenticated, but the combination depends on the port. Lots of ports
>> will likely have the same setup though, so I’d like to do something (I
>> guess in the users file) like
>> 
>> DEFAULT NAS-Port-ID == 1-12,
> 
>  That doesn't really work...
> 
>> This would work ok, but the ports are named modularly, i.e. A1, A2 etc,
>> up to usually F24 max, not just numerically. What’s the most elegant way
>> of doing this?
> 
>  Badly.  There's really no good solution to this.

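authorize {
	# Only derive NAS-Port when the NAS did not send one. Capture the module
	# letter as %{1} and the port number as %{2}.
	if (!NAS-Port && ("%{tolower:%{NAS-Port-ID}}" =~ /([a-z])([0-9]+)/i)) {
		update request {
			Tmp-String-0 := "%{1}"
		}

		# Hex-encode the module letter so it can be read as an integer.
		update request {
			Tmp-Integer-0 = "0x%{hex:Tmp-String-0}"
		}

		# Port number * 100 plus the letter's value.
		update request {
			NAS-Port := "%{expr:( %{2} * 100 ) + %{Tmp-Integer-0}}"
		}
	}
}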

DEFAULT		NAS-Port >= <bar>, NAS-Port <= <bar>



Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
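
Added example, not part of the original post: a Python model of the NAS-Port value built by the unlang above, for working out the `<bar>` bounds of a port group and checking which other ports the same range would also match before VLANs are assigned. It assumes `%{hex:...}` yields the ASCII code of the lowercased module letter; the function names and the 6 x 24 port inventory are constructed for illustration.

```python
import re

PORT_RE = re.compile(r"([a-z])([0-9]+)")  # same pattern as the unlang regex


def nas_port(port_id):
    """Mirror the unlang: (port number * 100) + ASCII code of the module letter."""
    m = PORT_RE.search(port_id.lower())
    if m is None:
        return None  # no letter+digits pair, so the unlang block is skipped
    return int(m.group(2)) * 100 + ord(m.group(1))


def range_for(wanted, all_ports):
    """Return (lo, hi, extras): the smallest NAS-Port range covering `wanted`
    and any other switch ports whose value also falls inside that range."""
    values = [nas_port(p) for p in wanted]
    lo, hi = min(values), max(values)
    extras = sorted(p for p in all_ports
                    if p not in wanted and lo <= nas_port(p) <= hi)
    return lo, hi, extras


# Constructed inventory (assumption): modules A-F with 24 ports each
SWITCH = [f"{m}{n}" for m in "ABCDEF" for n in range(1, 25)]

if __name__ == "__main__":
    groups = (["A1", "B1", "C1"], [f"A{n}" for n in range(1, 13)])
    for group in groups:
        lo, hi, extras = range_for(group, SWITCH)
        print(f"{group[0]}..{group[-1]}: NAS-Port >= {lo}, NAS-Port <= {hi}; "
              f"also matches {len(extras)} other port(s)")
```

A non-empty `extras` list means the users-file range would hand the same VLAN reply to ports outside the intended group, so that group needs more than one DEFAULT entry.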


