Best way to select multiple NAS-Port-Ids
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Thu Apr 25 16:41:09 CEST 2013
On 25 Apr 2013, at 10:37, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>
> On 25 Apr 2013, at 08:54, Alan DeKok <aland at DEPLOYINGRADIUS.COM> wrote:
>
>> Franks Andy (RLZ) IT Systems Engineer wrote:
>>> I have a hopefully fairly straightforward question. We have a network
>>> switch, a procurve 5406 that we’re doing mac based port authentication
>>> on. The switch sends radius attributes including the NAS-Port-ID. I want
>>> to be able to reply with tagged and untagged vlans for the ports once
>>> authenticated, but the combination depends on the port. Lots of ports
>>> will likely have the same setup though, so I’d like to do something (I
>>> guess in the users file) like
>>>
>>> DEFAULT NAS-Port-ID == 1-12,
>>
>> That doesn't really work...
>>
>>> This would work ok, but the ports are named modularly, i.e. A1, A2 etc,
>>> up to usually F24 max, not just numerically. What’s the most elegant way
>>> of doing this?
>>
>> Badly. There's really no good solution to this.
>
<correction>
authorize{
if (!NAS-Port && ("%{tolower:NAS-Port-ID}" =~ /([a-z])([0-9]+)/i)) {
update request {
Tmp-String-0 := "%{1}"
}
update request {
Tmp-Integer-0 = "0x%{hex:Tmp-String-0}"
}
update request {
Nas-Port := "%{expr:( %{2} * 100 ) + %{Tmp-Integer-0}}"
}
}
}
DEFAULT NAS-Port >= <bar>, NAS-Port <= <bar>
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130425/324881dc/attachment.html>
More information about the Freeradius-Users
mailing list