Hi All
We are using FR 2.1.5 for authenticating wireless users against our LDAP
database. Recently, our student wireless vlan is getting too large, and we
wish to subdivide it.
Currently we place users in the appropriate vlan based on the user type
returned via the groupmembership_attribute as defined in modules/ldap. So if
that attribute =student, we put them in student vlan. Our users file entry
looks like:
DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Called-Station-Id =~ ".*Wireless
", Huntgroup-Name == WSS1, unbldap-Ldap-Group == student
User-Name=`%{User-Name}`,
Tunnel-Private-Group-Id=student,
Tunnel-Type=VLAN,
Fall-Through = no
To reduce the number of broadcast domains going out a wireless access point,
we are thinking of placing all students in Building X into a student_vlanX.
To do this, we need to identify all the APs in the building. For each AP in
that building we'd have something like this in our users file (where
00-01-02-AA-BB-CC is the mac-address of an access point in building X):
DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Called-Station-Id =~
"00-01-02-AA-BB-CC.*Wireless", Huntgroup-Name == WSS1, unbldap-Ldap-Group ==
student
User-Name=`%{User-Name}`,
Tunnel-Private-Group-Id=student_vlanX,
Tunnel-Type=VLAN,
Fall-Through = no
I'm quite certain this would work, however I was hoping there'd be some way
similar to the huntgroups file (which I realize is for NAS's which our AP's
are not acting as) that could group all our Access Point devices into a
group s we wouldn't have to have a statement in the users file like the one
above for every single wireless access point in our network.
Any advice is appreciated.
Thanks
Matt
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
