Filtering VLAN assignmen in eduroam
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Tue Nov 24 15:48:29 CET 2015
Hi,
> I'm using freeradius 3.0.10 to authenticate eduroam connections.
>
> In my inner server I return attributes to assign VLAN to our
> internal users and I want these attributes to be filtered when the
> connection is from an external organization.
then best common practice is to create a new set of virtual servers
(eg eduroam and eduroam-inner-tunnel) and then any requests from your
national proxy servers get sent to those instead.....and all that
set of servers do is authenticate users and dont set VLANs etc - thus
you have a very easy, controlled policy AND you arent looking
up group membership etc etc - whereas what you propose is still looking
up group membership and then filtering it out (very inefficient!)
alan
More information about the Freeradius-Users
mailing list