802.1X - ntlm, Secure LDAP and dynamic vlan

Alan DeKok aland at deployingradius.com
Wed Aug 25 02:52:12 CEST 2021

> On Aug 24, 2021, at 7:44 PM, Ray Burquest <rburquest at respiro.com.au> wrote:
> Hi,
> I am setting up a pilot for 802.1X with dynamic VLAN assignment based on the domain of the user attempting to connect to the switch. Users will be authenticated through different means depending on their domain ie
> user at domainA.com = ntlm
> user at domainB.com = Secure LDAP
> unrecognised domain = default guest VLAN
> I have got ntlm authentication and Secure LDAP authentication working independently but I would like some guidance as to how and where I configure the selection process and then then how to return the VLAN information

  You return it in special RADIUS attributes.  See the NAS documentation for which ones it needs.

  Typically it's:

Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-Id = "VLAN-NAME"

  Alan DeKok.

More information about the Freeradius-Users mailing list