[pfSense] 802.1X VLAN function and switch support

2011-12-14 Thread bsd
Hi, 

I am a bit off topic for the pfSense list, but since I want to be compliant with 
the FreeRadius package deployed on the pfSense system… I guess it is OK to ask 
that question here. 


I want FreeRadius to provide distinct VLANs to each of my clients based on the 
parameters defined in the FreeRadius settings. I am not certain that a lot of 
switches are compatible with this function, most of them provide 802.1X 
authentication, but can they automatically set the VLAN once the client has 
authenticated? 

Can they provide a default VLAN for failed auth? 


As stated on the package, the switch should understand the following parameters:

Tunnel-Type = VLAN
Tunnel-Medium-Type = IEEE-802
Tunnel-Private-Group-ID = My_ID


Any feedback on implementing this VLAN attribution feature with FreeRadius and 
xxx switch will be welcome. 

Switch brands supporting this feature are also of interest… 


Thanks. 


––
- Grégory Bernard Director -
--- www.osnet.eu ---
-- Your provider of OpenSource appliances --
––
OSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetO

___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] 802.1X VLAN function and switch support

2011-12-14 Thread Greg Hennessy
That sounds like NAC functionality, any of the usual suspects will support the 
facility, there are a number of 'free' NAC implementations which provide the 
glue.


From: list-boun...@lists.pfsense.org [list-boun...@lists.pfsense.org] On Behalf 
Of Oliver Hansen [oliver.han...@gmail.com]
Sent: 15 December 2011 10:43
To: pfSense support and discussion
Subject: Re: [pfSense] 802.1X VLAN function and switch support


I don't have the answer but I would also be interested if anyone knows about 
this functionality. It could possibly help in a situation I've encountered 
recently.



[snip]


Re: [pfSense] 802.1X VLAN function and switch support

2011-12-14 Thread Daniel Davis
This is generally supported on nearly all reasonable managed switches these 
days (not always on the el-cheapo 'web-managed' switches). The switch really 
doesn't do much other than forward authentication requests and then act on the 
authorisation response. As long as the authentication server (NAC) can return 
the correct IETF attributes such as Tunnel-Type, Tunnel-Medium-Type and 
Tunnel-Private-Group-Id it will generally work. This is all supported by 
FreeRadius and well documented in the wiki with example configs for numerous 
different switch manufacturers.

Regards,

Daniel Davis
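
The attribute triple discussed in this thread, as an added example that is not part of the original posts and is not FreeRadius or pfSense code: Python that lays out Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-Id on the wire as defined in RFC 2868 and RFC 3580, and a parser showing how the receiving side can decide whether an Access-Accept assigns a VLAN. The function names and the VLAN ID "20" are assumptions chosen for illustration.

```python
import struct

# Attribute and value numbers from RFC 2868 and RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6

def encode_vlan_attrs(group_id, tag=0):
    """Encode the three attributes as they sit inside an Access-Accept."""
    gid = group_id.encode("ascii")
    if tag:  # string attributes carry a tag octet only when a tag is in use
        gid = bytes([tag]) + gid
    fixed = lambda t, v: struct.pack("!BBB3s", t, 6, tag, v.to_bytes(3, "big"))
    return (fixed(TUNNEL_TYPE, TYPE_VLAN)
            + fixed(TUNNEL_MEDIUM_TYPE, MEDIUM_IEEE_802)
            + bytes([TUNNEL_PRIVATE_GROUP_ID, 2 + len(gid)]) + gid)

def iter_attrs(buf):
    """Yield (type, value) for each attribute, rejecting malformed lengths."""
    i = 0
    while i < len(buf):
        if len(buf) - i < 2 or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % i)
        yield buf[i], buf[i + 2:i + buf[i + 1]]
        i += buf[i + 1]

def assigned_vlan(attrs):
    """Return the assigned VLAN ID, or None unless one tag has the full triple."""
    tunnels = {}  # tag -> {attribute type: decoded value}
    for atype, val in iter_attrs(attrs):
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(val) == 4:
            tunnels.setdefault(val[0], {})[atype] = int.from_bytes(val[1:], "big")
        elif atype == TUNNEL_PRIVATE_GROUP_ID and val:
            # A first octet above 0x1F is part of the string, not a tag.
            tag, text = (val[0], val[1:]) if val[0] <= 0x1F else (0, val)
            tunnels.setdefault(tag, {})[atype] = text.decode("ascii", "replace")
    for f in tunnels.values():
        if (f.get(TUNNEL_TYPE) == TYPE_VLAN
                and f.get(TUNNEL_MEDIUM_TYPE) == MEDIUM_IEEE_802
                and f.get(TUNNEL_PRIVATE_GROUP_ID)):
            return f[TUNNEL_PRIVATE_GROUP_ID]
    return None

# Constructed sample: the attribute bytes of an Access-Accept assigning VLAN "20".
SAMPLE = encode_vlan_attrs("20")

if __name__ == "__main__":
    print(SAMPLE.hex(), "->", assigned_vlan(SAMPLE))
```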



