Hello Chanin!
One alternative is VLAN, but this requiere VLAN-capable AP, like cisco 1100...
Another is to capure the MAC address in the loggin phase, and recompute the firewall rules... but, I am not sure if you have in freeradius the MAC address of the user in the login phase... (I'm thing... lunch some script via rlm_exec)
Talk to dhcp server is leease of time, because don't support scripting asignament of configurations...
CArlos.-
Chanin Luangingkasut wrote:
Hello All,
Now I using eap_tls to authenticate user, and I want to separate subnet for staff in building and visitor. If clients authentication succeeded it get ip in subnet 192.168.1.xxx, but clients don't have client CA, it cannot authentication on radius server, and forward to dhcp server2 get ip in subnet 192.168.2.xxx.I don't know for this feature!! Can I do this? Please let me know.
Following in picture this URL: http://www.buraphalinux.org/~chanin/activities/Wireless/Plan1.jpg
Thank you.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
