On Thu, 2007-07-26 at 02:00 +0100, George Beitis wrote: > Hey guys > I am a bit new to the scene and i am having a few problems with > configuring freeradius. In essence what i want is that the user, once > verified to be assigned to a specific vlan and get an ip address from a > dhcp server, which will be aware of the vlans and there for assign > different address and subnets to each. Does this scenario make any
yes > sense? Will it be the freeradius server that will be notifying the dhcp > server to aquire an address for the client? Will the dhcp server then No > contact the access point to let it know what address the client has been > given and it in its turn give it to the client? Or will it be that the No > access point will contact the dhcp server once it has the reply from the > freeradius server, giving it the vlan id/number and requesting an ip > address and other info? No The way it works is: 1. Client does either 802.1x 2. Access point forwards authentication to radius server 3. Multiple 802.1x round-trips between client and radius server, via AP 4. When authentication is complete, the radius server returns an Access-Accept with the vlan tag 5. Access point reads the vlan tag, assigns it 6. Client brings up it's IP stack, and emits a DHCP DISCOVER 7. AP forwards the clients packet into the vlan at layer2 8. The vlan/subnet router forwards the DHCP DISCOVER to the DHCP server 9. DHCP server assigns an IP address based on source subnet & mac address There's no interaction between DHCP and Radius, no interaction between a layer2 access point and DHCP (possibly dhcp option-82 insertion), and no real interaction with a layer2 access point and any IP protocol. Basically - you just configure the AP with >1 vlan, configure a router for each VLAN with dhcp relay enabled, and configure the radius server to tell the AP the right vlan number. BEWARE: not all APs support vlan assignment. > > Is this the right or wrong way of going about this? > > regards > George > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
