I can explain my environment. We are migrating from traditional captive portal to new 802.1x WPA2-Enterprise, from fat AP to controller based wireless architecture, Wireless mobility comes into play too. At the same time, how to maintain the traditional source-based IP ACL/Firewall? We already implemented MPLS VPN based network virtualization, so we want to utilize both MPLS VPN and newer wireless architecture. That's why.
Another thing is big VLAN broadcast scalability. So we want to chop off users in different VLANs at first by hash, later will try to implement group based VLAN assignment. Also, we agree with the consensus of use eap/peapv0 for 802.1x. Just no hassle to install third party supplicant to M$ computers. And it could work with either AD or LDAP with ntPassword hash. Schilling On Fri, Feb 18, 2011 at 9:36 AM, Phil Mayers <[email protected]> wrote: > On 18/02/11 14:29, schilling wrote: >> >> Could you share your configuration and perl script? So I can learn from >> it? >> I am thinking of use ldap status to decide the pool, then hashing mac >> address of the client to get different VLAN. > > It seems like a lot of people are suddenly wanting to do this. > > Can any of you explain why, and why now? Just curious. It seems odd that so > many people want to do it, all at the same time. > > Did an article appear online or in a magazine or something ;o) > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
