Check Chillispot-VLAN-Id

Alan DeKok aland at
Wed Nov 6 03:25:42 CET 2013

Stuart Baggs wrote:
> I was thinking of having a custom check attribute in the radgroupreply table with something like Permitted-VLANS := 1,2,3,4

  Why?  The documentation doesn't say that you can specify multiple
values for an attribute.

> All I need free radius to do is ignore the check if there is not Permitted-VLANS attribute for that user or, if specified, make sure Chillispot-VLAN-Id is contained within Permitted-VLANS.

  That is entirely the wrong approach.  You've invented some behavior,
and are hoping that the server magically supports it.

  Instead, you need to find out what the server does, and then figure
out how to configure the server to do what you want.

  See "man rlm_passwd" for examples of creating sets.  You should be
able to map a user to a set of allowed VLANs.

  Alan DeKok.

More information about the Freeradius-Users mailing list