VLAN assignment based on NAS ID
Martin Pauly
pauly at hrz.uni-marburg.de
Tue Mar 23 09:28:42 CET 2021
Am 23.03.21 um 01:18 schrieb Arran Cudbard-Bell:
> Unless the code in v3.0.x differs to master, the operator would be '<' i.e. LHS is within the set on the RHS
The users file is ancient and surely doomed in 4.0, but the following does work for us in 3.0.21 (and previous):
DEFAULT NAS-IP-Address > 192.168.40.0, NAS-IP-Address < 192.168.40.16, NAS-Identifier == "My-NAS-Name"
Tunnel-Private-Group-ID = <VLAN-ID>
Tunnel-Medium-Type = 802
So the check items create a simple AND condition.
You do want narrow conditions for VLAN assignment as a
mistake in this place could really upend your VLAN-based
security concept. (Unlang does the same and much more, of course.)
Cheers, Martin
--
Dr. Martin Pauly Phone: +49-6421-28-23527
HRZ Univ. Marburg Fax: +49-6421-28-26994
Hans-Meerwein-Str. E-Mail: pauly at HRZ.Uni-Marburg.DE
D-35032 Marburg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5391 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20210323/fbe05102/attachment.bin>
More information about the Freeradius-Users
mailing list