Setting VLAN based on ldap attribute id

Arran Cudbard-Bell a.cudbardb at
Thu Jun 20 14:53:32 CEST 2013

On 20 Jun 2013, at 13:25, Thomas Hermarij Maimann Andersen <than at> wrote:

> Hi,
> I've been reading the mailing list for a few days and tried to see if there are any posts resempling mine. There are a few "almost" but noting that has got me that final step.
> Currently i have a radius server authenticating with ntlm to an AD.
> What I wan't now, is to assign a VLAN to the user based on ExtensionAttribute1, which is set to a numeric value which represents the VLAN id. E.g. 1001
> I am currently messing with sites-enabled/default in the post-auth section where I try to set Tunnel-Private-Group-Id to the number they have in their attribute, but I have no clue on how to link that.

Use git HEAD:

There's an example of setting the the VLAN in the default configuration.

In post-auth you can add something like

if (reply:Tunnel-Private-Group-ID) {
	update reply {
		Tunnel-Type := "VLAN"
		Tunnel-Medium-Type := "IEEE-802"

Or in v2 you can use the attrmap file (and the above). Or the above and LDAP xlat.


Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS Development Team

More information about the Freeradius-Users mailing list