Franks Andy (RLZ) IT Systems Engineer wrote: > I have a hopefully fairly straightforward question. We have a network > switch, a procurve 5406 that we’re doing mac based port authentication > on. The switch sends radius attributes including the NAS-Port-ID. I want > to be able to reply with tagged and untagged vlans for the ports once > authenticated, but the combination depends on the port. Lots of ports > will likely have the same setup though, so I’d like to do something (I > guess in the users file) like > > DEFAULT NAS-Port-ID == 1-12,
That doesn't really work... > This would work ok, but the ports are named modularly, i.e. A1, A2 etc, > up to usually F24 max, not just numerically. What’s the most elegant way > of doing this? Badly. There's really no good solution to this. > I could do a wildcard match, but I think I’ve seen > incompatibilities mentioned with possibly chap, which is what I’m using. > Could have that wrong though. Is there a better way? Nope. Regular expression matches are probably the simplest way of doing it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
