Freeradius dynamic vlan assignment
Ben
ben at msdos.fr
Tue Apr 28 14:45:24 CEST 2020
Yes
The parameter here for "Tunnel-Private-Group-ID" is for the "untag".
The new parameters to put are:
with the name of the vlan:
Egress-VLAN-Name (instead of Tunnel-Private-Group-ID)
and 1voice (to tag the vlan "voice") and 2user (to untag the vlan "user")
or you can choose the "hex" style, which means to use the "Egress-VLANID" parameter:
To TAG ==> "0x31", to UNTAG ==> "0x32"; then you add 3 zeros, and
then the number of your vlan translated into hexadecimal on 3 digits.
So, in English, it means for the tagged vlan "voice" number 10 ==> 0x31 000 00A
and for the untagged vlan "user" number 200 ==> 0x32 000 0C8
Your example:
as a TAG (such as a voip phone)
dot1x Cleartext-Password := "voip"
    Service-Type = login,
    Tunnel-Type = VLAN,
    Tunnel-Medium-Type = IEEE-802,
    Egress-VLAN-Name = "1voice"
    # or: Egress-VLANID = 0x3100000A
dot1x Cleartext-Password := "linux"
    Service-Type = login,
    Tunnel-Type = VLAN,
    Tunnel-Medium-Type = IEEE-802,
    Egress-VLAN-Name = "2user"
    # or: Egress-VLANID = 0x320000C8
I hope it's clear enough for you... :-)
These parameters work with a HP Procurve, a Zyxel (1910), a Cisco 3550 and a Cisco 2960, and with VOIP phones too (to be tagged, and to untag devices plugged into it).
Ben Gailly.
On 28-04-20 at 14:27, Heikki Lavaste wrote:
> Hi,
>
> I've some client devices connected to a switch.
> Is there a way to set the vlan that radius assigns to be tagged/untagged?
> I saw some examples of a HP/Aruba VSA that can do this, but is there any vendor-neutral way to do the same?
> Example user:
>
> dot1x Cleartext-Password := "linux"
> Service-Type = login,
> Tunnel-Type = VLAN ,
> Tunnel-Medium-Type = IEEE-802 ,
> Tunnel-Private-Group-ID = 100
>
> Kind regards
>
> Heikki Lavaste
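The encoding described in the reply above (tag-indication byte 0x31 or 0x32, three zero hex digits, then the VLAN number on three hex digits), as an added example that is not part of the original post: it builds and decodes Egress-VLANID values and lists the tagged/untagged assignments found in a users file, so a segmentation change can be reviewed before it is deployed. The function names and the sample file are constructed for illustration.

```python
import re

TAGGED, UNTAGGED = 0x31, 0x32   # ASCII '1' and '2', the tag-indication byte

def encode_vlanid(vlan, tagged):
    """Build the 32-bit Egress-VLANID: indication byte, 12 zero bits, 12-bit VLAN."""
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN {vlan} outside 1-4094")
    return ((TAGGED if tagged else UNTAGGED) << 24) | vlan

def decode_vlanid(value):
    """Return (vlan, tagged); reject values that do not follow the layout."""
    indication, pad, vlan = value >> 24, (value >> 12) & 0xFFF, value & 0xFFF
    if indication not in (TAGGED, UNTAGGED):
        raise ValueError(f"bad tag indication 0x{indication:02X}")
    if pad or not 1 <= vlan <= 4094:
        raise ValueError(f"bad pad/VLAN in 0x{value:08X}")
    return vlan, indication == TAGGED

def decode_vlan_name(text):
    """Egress-VLAN-Name: first character '1' (tag) or '2' (untag), rest is the name."""
    if len(text) < 2 or text[0] not in "12":
        raise ValueError(f"bad Egress-VLAN-Name {text!r}")
    return text[1:], text[0] == "1"

def audit(users_text):
    """List (attribute, vlan-or-name, tagged) for each egress attribute found."""
    found = []
    pattern = r'(Egress-VLAN(?:ID|-Name))\s*[:+]?=\s*"?([\w-]+)"?'
    for attr, val in re.findall(pattern, users_text):
        if attr == "Egress-VLANID":
            found.append((attr, *decode_vlanid(int(val, 0))))
        else:
            found.append((attr, *decode_vlan_name(val)))
    return found

# Constructed sample in the style of the entries in the post
SAMPLE = '''
dot1x Cleartext-Password := "voip"
    Tunnel-Type = VLAN,
    Egress-VLANID = 0x3100000A
dot1x Cleartext-Password := "linux"
    Tunnel-Type = VLAN,
    Egress-VLAN-Name = "2user"
'''

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```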