On 04/29/2011 01:30 PM, subcode wrote:
Hi Phil,
thank you for your answer, but my AP doesn't support VLAN assignment. It's a

Agh, sorry. What I meant to say was:

"IP assignment on wireless networks is with DHCP, not Radius"

simple Vodafone EasyBox803 router and I use it only as an access point. Do you
know another way to do that? I'll describe what I want to do.

My goal is that, when some customer buys a coffee, he receives an account with
user and password.
Users are assigned to a Group with Permissions (Low, Mi, Hi). Low Permission
is HTTP/s Access, Mi is Low+FTP/s+IMAP/s and Hi is all Protocols. So, Low
Group should have IP-Range 192.168.1.0/24, Mi IP-Range 192.168.2.0/24 and Hi
192.168.3.0/24.

As above: you must use DHCP for IP assignment, and DHCP normally keys off a combination of the source network, and client ethernet address.

Choices are:

a. record/register the client's ethernet address (tedious and error-prone)

b. when a username authenticates, extract the ethernet address and send it to the DHCP server (not easy)

c. use vlan assignment; then the DHCP server just hands out IPs per-vlan (you can't do this)

d. don't use IP address for filtering; instead, set the ACL in the radius reply (maybe your NAS can do this)


As Alex has noted, FreeRADIUS does contain support for also being a DHCP server. You could in theory use this to achieve option b. - "sending" in this case would just involve some kind of database which both the 802.1x and DHCP bits of FreeRADIUS use. I don't know of any recipes for this however.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
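
Option b above, sketched as an added example that is not part of the original message and is not FreeRADIUS code: a shared table written when a user authenticates and read when the same ethernet address asks for a lease. The function names, the SQLite store, the one-hour binding lifetime and the reserved .1 gateway address are assumptions; the group subnets are the ones given in the thread.

```python
import ipaddress
import re
import sqlite3

# Group-to-subnet plan taken from the thread; all other names are hypothetical.
POOLS = {"Low": "192.168.1.0/24", "Mi": "192.168.2.0/24", "Hi": "192.168.3.0/24"}

def norm_mac(raw):
    """Canonicalise a MAC: RADIUS Calling-Station-Id and DHCP chaddr differ in format."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def open_store():
    """Shared table that both the authentication side and the DHCP side use."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE binding (mac TEXT PRIMARY KEY, grp TEXT, expires INTEGER)")
    db.execute("CREATE TABLE lease (ip TEXT PRIMARY KEY, mac TEXT UNIQUE)")
    return db

def on_auth_accept(db, calling_station_id, group, now, ttl=3600):
    """802.1X side: after a successful login, record which group this MAC belongs to."""
    if group not in POOLS:
        raise ValueError(f"unknown group: {group}")
    mac = norm_mac(calling_station_id)
    db.execute("INSERT OR REPLACE INTO binding VALUES (?, ?, ?)", (mac, group, now + ttl))
    db.execute("DELETE FROM lease WHERE mac = ?", (mac,))  # group may have changed

def on_dhcp_request(db, chaddr, now):
    """DHCP side: pick an address from the pool of the authenticated group, or None."""
    mac = norm_mac(chaddr)
    row = db.execute("SELECT grp FROM binding WHERE mac = ? AND expires > ?",
                     (mac, now)).fetchone()
    if row is None:
        return None  # never authenticated, or binding expired: no lease
    net = ipaddress.ip_network(POOLS[row[0]])
    held = db.execute("SELECT ip FROM lease WHERE mac = ?", (mac,)).fetchone()
    if held:
        return held[0]
    used = {r[0] for r in db.execute("SELECT ip FROM lease")}
    for host in list(net.hosts())[1:]:  # skip .1, assumed to be the gateway
        if str(host) not in used:
            db.execute("INSERT INTO lease VALUES (?, ?)", (str(host), mac))
            return str(host)
    return None  # pool exhausted
```

The binding is keyed on the ethernet address alone, so it is only as trustworthy as that address; letting it expire with the session limits how long a stale mapping can be reused.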
