Inner tunnel - VLAN assignment
Max Elzinga
m.elzinga at felton.nl
Tue Jul 26 11:23:57 UTC 2022
Hello,
We are currently testing with FreeRADIUS. We would like to assign different VLANs based on certificate SAN name and ethernet/wireless configuration. The configuration I have pasted below is working in the Inner Tunnel file. I would like to check if this is according to the best practices. Any suggestions?
Thanks in advance.
if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) {
    update reply {
        &User-Name !* ANY
    }
}

update {
    &reply: += &session-state:
}

if (User-Name =~ /\.child\.int\.domain\.local/ || NAS-Port-Type == Ethernet){
    if (<ipv4prefix>&NAS-IP-Address < 10.36.2.0/23) {
        update reply {
            &Tunnel-Type = 13,
            &Tunnel-Medium-Type = 6,
            &Tunnel-Private-Group-Id = "106"
        }
    }
}

if (User-Name !~ /\.child\.int\.domain\.local/ || User-Name =~ /\.int\.domain\.local/ || NAS-Port-Type == Ethernet){
    if (<ipv4prefix>&NAS-IP-Address < 10.36.2.0/23) {
        update reply {
            &Tunnel-Type = 13,
            &Tunnel-Medium-Type = 6,
            &Tunnel-Private-Group-Id = "107"
        }
    }
}

if (User-Name =~ /\.child\.int\.domain\.local/ || NAS-Port-Type == Wireless-802.11){
    if (<ipv4prefix>&NAS-IP-Address < 10.36.2.0/23) {
        update reply {
            &Tunnel-Type = 13,
            &Tunnel-Medium-Type = 6,
            &Tunnel-Private-Group-Id = "110"
        }
    }
}

if (User-Name !~ /\.child\.int\.domain\.local/ || User-Name =~ /\.int\.domain\.local/ || NAS-Port-Type == Wireless-802.11){
    if (<ipv4prefix>&NAS-IP-Address < 10.36.2.0/23) {
        update reply {
            &Tunnel-Type = 13,
            &Tunnel-Medium-Type = 6,
            &Tunnel-Private-Group-Id = "111"
        }
    }
}
Kind regards,
Max
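
Added example, not part of the original post and not FreeRADIUS code: a small Python model that evaluates the four posted conditions for each domain and port type, next to a variant that requires both to match. Assumptions: FreeRADIUS v3 "update" semantics, where "=" sets an attribute only if it is not already in the list; the 106/107/110/111 mapping as the intended one; the function names and sample identities are constructed for illustration.

```python
import ipaddress
import re

SITE = ipaddress.ip_network("10.36.2.0/23")
CHILD = re.compile(r"\.child\.int\.domain\.local")
PARENT = re.compile(r"\.int\.domain\.local")  # also matches child names

def vlan_as_posted(user, port_type, nas_ip):
    """The four posted blocks in order. Assumption: v3 'update' where '='
    sets an attribute only if it is not already present in the list."""
    if ipaddress.ip_address(nas_ip) not in SITE:
        return None
    child = bool(CHILD.search(user))
    parent = bool(PARENT.search(user))
    blocks = [
        (child or port_type == "Ethernet", "106"),
        (not child or parent or port_type == "Ethernet", "107"),
        (child or port_type == "Wireless-802.11", "110"),
        (not child or parent or port_type == "Wireless-802.11", "111"),
    ]
    vlan = None
    for matched, vid in blocks:
        if matched and vlan is None:  # '=' never replaces an existing value
            vlan = vid
    return vlan

def vlan_with_and(user, port_type, nas_ip):
    """Assumed intent: the SAN domain AND the port type must both match."""
    if ipaddress.ip_address(nas_ip) not in SITE:
        return None
    if CHILD.search(user):
        domain = "child"
    elif PARENT.search(user):
        domain = "parent"
    else:
        return None  # unknown domain: no VLAN attributes added
    table = {("child", "Ethernet"): "106", ("parent", "Ethernet"): "107",
             ("child", "Wireless-802.11"): "110",
             ("parent", "Wireless-802.11"): "111"}
    return table.get((domain, port_type))

# Constructed identities; the third is outside both domains.
USERS = ["pc1.child.int.domain.local", "pc2.int.domain.local", "pc3.example.org"]
PORTS = ["Ethernet", "Wireless-802.11"]

def compare(nas_ip="10.36.2.10"):
    """Return rows of (user, port type, VLAN as posted, VLAN with AND)."""
    return [(u, p, vlan_as_posted(u, p, nas_ip), vlan_with_and(u, p, nas_ip))
            for u in USERS for p in PORTS]
```

Under these assumptions the posted conditions only ever yield 106 or 107, and an identity outside both domains still receives a VLAN; running the same inputs through radiusd -X shows what the server actually returns.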