On 25 Apr 2013, at 10:37, Arran Cudbard-Bell <[email protected]> wrote:
> > On 25 Apr 2013, at 08:54, Alan DeKok <[email protected]> wrote: > >> Franks Andy (RLZ) IT Systems Engineer wrote: >>> I have a hopefully fairly straightforward question. We have a network >>> switch, a procurve 5406 that we’re doing mac based port authentication >>> on. The switch sends radius attributes including the NAS-Port-ID. I want >>> to be able to reply with tagged and untagged vlans for the ports once >>> authenticated, but the combination depends on the port. Lots of ports >>> will likely have the same setup though, so I’d like to do something (I >>> guess in the users file) like >>> >>> DEFAULT NAS-Port-ID == 1-12, >> >> That doesn't really work... >> >>> This would work ok, but the ports are named modularly, i.e. A1, A2 etc, >>> up to usually F24 max, not just numerically. What’s the most elegant way >>> of doing this? >> >> Badly. There's really no good solution to this. > <correction> authorize{ if (!NAS-Port && ("%{tolower:NAS-Port-ID}" =~ /([a-z])([0-9]+)/i)) { update request { Tmp-String-0 := "%{1}" } update request { Tmp-Integer-0 = "0x%{hex:Tmp-String-0}" } update request { Nas-Port := "%{expr:( %{2} * 100 ) + %{Tmp-Integer-0}}" } } } DEFAULT NAS-Port >= <bar>, NAS-Port <= <bar> Arran Cudbard-Bell <[email protected]> FreeRADIUS Development Team
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
