Dear Phil

Firstly, thank you for taking the time to reply and for your straightforward reply to this matter. I'm doing this as part of my MSc project; well, this is actually part of the initial setup, not the project itself, and I have at my disposal a limited number of devices. I borrowed a Cisco Aironet 1200 access point from my department, which supports vlans, and I also have a Linksys router (WRT54GL) (which I will use as a switch), and I have an old computer with one ethernet card which I intend to install freeradius on and a dhcp server. From there on I might add some more devices, each belonging to a different vlan.

My thinking from what you said is to set up the vlans/tunnels on the access point, set up freeradius and then run a dhcp server on the old computer. If I want to add the dhcp server to many virtual lans, do I need to create some sort of virtual interface for each? Or does the router need to be aware of where to forward dhcp packets coming from different vlans?

thank you for your help

regards
George

Phil Mayers wrote:
> On Thu, 2007-07-26 at 02:00 +0100, George Beitis wrote:
>
>> Hey guys
>> I am a bit new to the scene and I am having a few problems with
>> configuring freeradius. In essence what I want is that the user, once
>> verified to be assigned to a specific vlan and get an ip address from a
>> dhcp server, which will be aware of the vlans and therefore assign
>> different address and subnets to each. Does this scenario make any
>
> yes
>
>> sense? Will it be the freeradius server that will be notifying the dhcp
>> server to acquire an address for the client? Will the dhcp server then
>
> No
>
>> contact the access point to let it know what address the client has been
>> given and it in its turn give it to the client? Or will it be that the
>
> No
>
>> access point will contact the dhcp server once it has the reply from the
>> freeradius server, giving it the vlan id/number and requesting an ip
>> address and other info?
>
> No
>
> The way it works is:
>
> 1. Client does either 802.1x
> 2. Access point forwards authentication to radius server
> 3. Multiple 802.1x round-trips between client and radius server, via AP
> 4. When authentication is complete, the radius server returns an
>    Access-Accept with the vlan tag
> 5. Access point reads the vlan tag, assigns it
> 6. Client brings up its IP stack, and emits a DHCP DISCOVER
> 7. AP forwards the client's packet into the vlan at layer2
> 8. The vlan/subnet router forwards the DHCP DISCOVER to the DHCP server
> 9. DHCP server assigns an IP address based on source subnet & mac
>    address
>
> There's no interaction between DHCP and Radius, no interaction between a
> layer2 access point and DHCP (possibly dhcp option-82 insertion), and no
> real interaction with a layer2 access point and any IP protocol.
>
> Basically - you just configure the AP with >1 vlan, configure a router
> for each VLAN with dhcp relay enabled, and configure the radius server
> to tell the AP the right vlan number.
>
> BEWARE: not all APs support vlan assignment.
>
>> Is this the right or wrong way of going about this?
>>
>> regards
>> George
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
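Steps 4 and 5 of the quoted sequence, as an added example that is not part of the thread and not FreeRADIUS or access point code: a parser that extracts the VLAN ID from an Access-Accept using the RFC 2868/3580 tunnel attributes. The helper names and the sample packet are constructed for illustration, and the Response Authenticator check that a real access point performs with the shared secret is assumed to happen before this step.

```python
import struct

ACCESS_ACCEPT = 2
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6   # values used for VLAN assignment (RFC 3580)

def attributes(packet):
    """Yield (type, value) for each attribute, rejecting inconsistent lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20                          # code, id, length, 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        yield atype, packet[pos + 2:pos + alen]
        pos += alen

def vlan_from_accept(packet):
    """Return the VLAN ID an Access-Accept assigns, or None if it assigns none."""
    if len(packet) < 20 or packet[0] != ACCESS_ACCEPT:
        return None
    tunnels = {}                      # tag -> {attribute type: value}
    for atype, value in attributes(packet):
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            tunnels.setdefault(value[0], {})[atype] = int.from_bytes(value[1:], "big")
        elif atype == TUNNEL_PRIVATE_GROUP_ID and value:
            # A first byte <= 0x1F is a tag; anything larger starts the string.
            tag, text = (value[0], value[1:]) if value[0] <= 0x1F else (0, value)
            tunnels.setdefault(tag, {})[atype] = text
    for t in tunnels.values():
        group = t.get(TUNNEL_PRIVATE_GROUP_ID, b"")
        if (t.get(TUNNEL_TYPE) == TYPE_VLAN and t.get(TUNNEL_MEDIUM_TYPE) == MEDIUM_IEEE_802
                and group.isdigit() and 1 <= int(group) <= 4094):
            return int(group)
    return None

def attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

def sample_accept(vlan, tag=0):
    """Constructed Access-Accept; zero authenticator, so not a signed reply."""
    kind = bytes([tag, 0, 0])
    group = (bytes([tag]) if tag else b"") + str(vlan).encode()
    attrs = (attr(TUNNEL_TYPE, kind + b"\x0d") + attr(TUNNEL_MEDIUM_TYPE, kind + b"\x06")
             + attr(TUNNEL_PRIVATE_GROUP_ID, group))
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs)) + bytes(16) + attrs
```

A reply that lacks any of the three attributes, or carries a group ID outside 1 to 4094, yields `None`, which is the case where the client would stay on the access point's default VLAN.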

