Multiple VLAN value per user
Germán Espinoza Tuesta
gr._et at hotmail.com
Wed Oct 25 17:44:32 CEST 2017
Thanks for feedback, I'm working with open source software (hostapd installed in OpenWRT). Hardware: Wireless access point TPLink WDR3600
Considering Tunnel-Private-Group-Id is a string, I may be able to modify hostapd source code to receive a syntax like the one you pointed:
Tunnel-Private-Group-Id = "t:101;t:102;t:103;t:555"
Best regards,
Germán Espinoza
> On Oct 25, 2017, at 10:23, Jason Ackley <jason at ackley.net> wrote:
>
> On Wed, Oct 25, 2017 at 8:44 AM, Germán Espinoza Tuesta
> <gr._et at hotmail.com> wrote:
>
>> Most of dynamic VLAN assignment implementations use these RADIUS attributes to work:
>>
>> Tunnel-Medium-Type = 6, #IEEE-802
>>
>> Tunnel-Private-Group-Id = "100"
>>
>> Is there a way for freeradius to return multiple values in Tunnel-Private-Group-Id.
>>
>> I'm working in a project where I want a user to belong to multiple vlans. At the moment, working with a sql database.
>
>
> This really depends more on what your specific NASes/clients can do
> than if FreeRADIUS can return multiple attribute-value-pairs.
>
> Since Tunnel-Private-Group-Id is a string - some device vendors
> support a syntax in the returned string that allows for
> tagging/multiple VLANs.
>
> An example for a Foundry/Brocade/Ruckus ICX/Arris is something like this:
>
> Tunnel-Private-Group-Id = "t:101;t:102;t:103;t:555;t:workstations"
>
> This will cause the port to be tagged in VLANs 101, 102, 103, 555, and
> whatever the VLAN named 'workstations' is on the switch (which can
> differ in 802.1q tag value per switch that authenticates).
>
> What vendor/NAS devices are you using? Have you checked with the
> vendor to determine what attribute-value-pairs they are expecting and
> if they support a tagging syntax? I have not seen much consistency in
> this area with other vendors - it seems most just stop at implementing
> the basics of 'We support dynamic VLAN via RADIUS' by allowing you to
> specify a VLAN ID for untagged traffic.
>
>
>
> --
> jason
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list