Alan DeKok wrote:
[EMAIL PROTECTED] wrote:
...
What certificate should I use, so that it validates the:
carlos User-Password == "carlos"
    Service-Type = Framed-User,
    Tunnel-Type = VLAN,
    Tunnel-Medium-Type = IEEE-802,
    Tunnel-Private-Group-Id = 2
and if the user carlos accesses VLAN 2, he can access; otherwise he
doesn't get access.
RADIUS doesn't work that way. The NAS doesn't tell the server what
VLAN the user is in, because the user is NOT in a VLAN until they have
been authenticated.
Not true; see HP's Open VLAN feature. The NAS may also request that the
supplicant be put into a certain VLAN based on the static VLAN
assignment on the port the supplicant is connecting to.
rad_recv: Access-Request packet from host 139.184.9.175 port 1024, id=119, length=306
    Framed-MTU = 1480
    NAS-IP-Address = xxx.xxx.xxx.xxx
    NAS-Identifier = "xxxxxxxxxxxxxx"
    User-Name = "xxx"
    Service-Type = Framed-User
    Framed-Protocol = PPP
    NAS-Port = 28
    NAS-Port-Type = Ethernet
    NAS-Port-Id = "28"
    Called-Station-Id = "xx-xx-xx-xx-xx-xx"
    Calling-Station-Id = "xx-xx-xx-xx-xx-xx"
    Connect-Info = "CONNECT Ethernet 10Mbps Half duplex"
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "700"
    State = 0x20f6a63dccf5843da5b75a3deaca3c2d
    EAP-Message =
    Message-Authenticator =
Of course whether the Server decides to honor the NAS's request is
another matter.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Arran Cudbard-Bell ([EMAIL PROTECTED])
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
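
The point made in the reply above, that a NAS can put a VLAN hint (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-Id) into the Access-Request and the server then decides whether to honor it, shown as an added example; it is not code from the thread or from FreeRADIUS. The packet is constructed, and `POLICY`, the user "guest" and all function names are assumptions made for illustration.

```python
import struct
USER_NAME, TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PGID = 1, 64, 65, 81
VLAN, IEEE_802 = 13, 6  # numeric values of Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802
# Hypothetical server policy: default VLAN and the VLANs each user may be placed in.
POLICY = {"carlos": {"default": "2", "allowed": {"2", "700"}},
          "guest": {"default": "99", "allowed": {"99"}}}

def attr(code, value):
    return bytes([code, len(value) + 2]) + value

def build_request(user, vlan_hint):
    """Constructed Access-Request (code 1) carrying the NAS's VLAN hint with tag 0."""
    body = (attr(USER_NAME, user.encode())
            + attr(TUNNEL_TYPE, struct.pack("!I", VLAN))        # tag octet 0 + 3-octet value
            + attr(TUNNEL_MEDIUM, struct.pack("!I", IEEE_802))
            + attr(TUNNEL_PGID, vlan_hint.encode()))            # tag 0: no tag octet sent
    return struct.pack("!BBH16s", 1, 119, 20 + len(body), bytes(16)) + body

def parse_attrs(packet):
    """Split the attribute area into {type: [raw values]}, rejecting bad lengths."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("bad RADIUS length")
    attrs, pos = {}, 20
    while pos < len(packet):
        if pos + 2 > len(packet) or packet[pos + 1] < 2 or pos + packet[pos + 1] > len(packet):
            raise ValueError("malformed attribute")
        attrs.setdefault(packet[pos], []).append(packet[pos + 2:pos + packet[pos + 1]])
        pos += packet[pos + 1]
    return attrs

def nas_vlan_hint(attrs):
    """VLAN the NAS asked for, or None when the tunnel triplet is absent or incomplete."""
    def num(code):
        v = attrs.get(code, [b""])[0]
        return int.from_bytes(v[1:], "big") if len(v) == 4 else None
    if num(TUNNEL_TYPE) != VLAN or num(TUNNEL_MEDIUM) != IEEE_802 or TUNNEL_PGID not in attrs:
        return None
    raw = attrs[TUNNEL_PGID][0]
    if raw and 0x01 <= raw[0] <= 0x1F:  # RFC 2868: a leading octet in this range is a tag
        raw = raw[1:]
    return raw.decode("ascii", "replace")

def decide_vlan(packet, policy=POLICY):
    """VLAN to return in the Access-Accept: honor the hint only if policy permits it."""
    attrs = parse_attrs(packet)
    entry = policy.get(attrs.get(USER_NAME, [b""])[0].decode("utf-8", "replace"))
    if entry is None:
        return None  # unknown user: nothing to assign
    hint = nas_vlan_hint(attrs)
    return hint if hint in entry["allowed"] else entry["default"]
```

Treating the request's tunnel attributes as a hint to be checked against server-side policy, rather than echoing them back, keeps a misconfigured or untrusted port from choosing its own VLAN.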