VLAN assignment based on NAS ID
Matthew Newton
mcn at freeradius.org
Tue Mar 23 12:02:03 CET 2021
On 23/03/2021 10:00, Max Elzinga wrote:
> I am currently testing and it seems like some networks are working, and some don’t work. For example the 10.2.16.0/24 is working, but 10.2.146.0/24 seems to be ignored.
>
> Example:
> (10) if (&NAS-Port-Type == Ethernet) {
> (10) if (<ipv4prefix>&NAS-IP-Address < 10.2.146.0/24) {
> (10) if (<ipv4prefix>&NAS-IP-Address < 10.2.146.0/24) -> FALSE
> (10) if (<ipv4prefix>&NAS-IP-Address < 10.2.106.0/24) {
> (10) if (<ipv4prefix>&NAS-IP-Address < 10.2.106.0/24) -> FALSE
> (10) if (<ipv4prefix>&NAS-IP-Address < 10.2.16.0/24) {
> (10) if (<ipv4prefix>&NAS-IP-Address < 10.2.16.0/24) -> FALSE
> (10) } # if (&NAS-Port-Type == Ethernet) = notfound
> *****
> (10) Sent Access-Accept Id 231 from 10.2.2.118:1812 to 10.2.146.43:1812 length 0
>
> Any idea what is going wrong?
The request has a different IP address in NAS-IP-Address than the IP the
request is coming from.
> (0) Received Access-Request Id 221 from 10.2.146.43:1812 to 10.2.2.118:1812 length 388
> (0) Framed-MTU = 1480
> (0) NAS-IP-Address = 172.19.100.107
^^^^
<snip>
> (0) authorize {
> (0) if (&NAS-Port-Type == Ethernet) {
> (0) if (&NAS-Port-Type == Ethernet) -> TRUE
> (0) if (&NAS-Port-Type == Ethernet) {
> (0) if (<ipv4prefix>&NAS-IP-Address < 10.2.146.0/24) {
> (0) if (<ipv4prefix>&NAS-IP-Address < 10.2.146.0/24) -> FALSE
> (0) if (<ipv4prefix>&NAS-IP-Address < 10.2.106.0/24) {
> (0) if (<ipv4prefix>&NAS-IP-Address < 10.2.106.0/24) -> FALSE
> (0) if (<ipv4prefix>&NAS-IP-Address < 10.2.16.0/24) {
> (0) if (<ipv4prefix>&NAS-IP-Address < 10.2.16.0/24) -> FALSE
> (0) } # if (&NAS-Port-Type == Ethernet) = notfound
--
Matthew
More information about the Freeradius-Users
mailing list