VLAN assignment based on NAS ID
Alan DeKok
aland at deployingradius.com
Mon Mar 22 20:37:26 CET 2021
On Mar 22, 2021, at 3:09 PM, Max Elzinga <m.elzinga at felton.nl> wrote:
> I would like to assign VLANs based on NAS ID. We have different subnets with switches that do 802.1x. I have tried adding NAS-IP-Address to the Users file but without any success.
$ man users
The check / comparison items go on the first line, not in the replies.
But, the "users" file can't do IP/mask matching, for historical reasons. Instead, do:
authorize {
...
if (&NAS-Port-Type == Ethernet) {
if ( <ipv4prefix>&NAS-IP-Address =10.2.106.0/24) {
update reply {
&Tunnel-Type = VLAN,
&Tunnel-Medium-Type = IEEE-802,
&Tunnel-Private-Group-Id = 207,
}
}
...
}
Alan DeKok.
More information about the Freeradius-Users
mailing list