Thanks for the reply Scott. Not something I had considered however in our case it's not an issue since we aren't requiring clients to reauth. We are implementing this for our wired network. Our equipment, primarily Cisco 2960s do support a "group vlan" for load-balancing client distribution however it's not as easy to manage as a few lines within the radius config.
-----Original Message----- From: freeradius-users-bounces+jesse.cotton=stockton....@lists.freeradius.org [mailto:freeradius-users-bounces+jesse.cotton=stockton....@lists.freeradius.org] On Behalf Of Scott Armitage Sent: Tuesday, July 17, 2012 8:29 AM To: FreeRadius users mailing list Subject: Re: Load-Balance VLAN assignment via unlang On 17 Jul 2012, at 12:57, Cotton, Jesse wrote: > Using FR as a central RADIUS server. One task it performs is dot1x auth. It > forwards eap requests to one of several home servers which performs the auth > and returns several attributes including Tunnel-Private-Group-Id. This > attribute contains multiple values indicating one of several potential vlans > a client can be put on. I would like perform simple load balancing by > selecting one of the vlans randomly. I have the following within the > post-auth section. What am I doing wrong? I have tried several variations. I > know the syntax is incorrect but google has not been helpful. Thanks in > advance. > > > > > > if("%{reply:Tunnel-Private-Group-Id[#]}" > 1){ > > update reply { > > Tunnel-Private-Group-Id := > %{reply:Tunnel-Private-Group-Id[%{rand:%{reply:Tunnel-Private-Group-Id[#]}}]} > > } > > } > Not a solution but some caveats. If you are randomly returning a vlan, you could have clients bouncing around vlans when they reauth. You may also achieve the same result using features in your wireless equipment. For example if you have Cisco wireless you could use Vlan Select (and return the clan select group from the radius server). Scott Armitage - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
