This is generally supported on nearly all reasonable managed switches these
days (not always on the el-cheapo 'web-managed' switches). The switch really
doesn't do much other than forward authentication requests and then act on the
authorisation response. As long as the authentication server (NAC) can return
the correct IETF attributes such as Tunnel-Type, Tunnel-Medium-Type and
Tunnel-Private-Group-Id it will generally work. This is all supported by
FreeRadius and well documented in the wiki with example configs for numerous
different switch manufacturers.
Regards,
Daniel Davis
-Original Message-
From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On
Behalf Of bsd
Sent: Thursday, 15 December 2011 7:47 AM
To: pfSense support and discussion
Subject: [pfSense] 802.1X VLAN function and switch support
Hi,
I am bit off topic for the pfSense list, but since I want to be compliant with
the FreeRadius package deployed on the pfSense system. I guess It is ok to ask
that question here.
I want FreeRadius to provide distinct VLANs to each of my clients based on the
parameters defined in the FreeRadius settings. I am not certain that a lot of
switches are compatible with this function, most of them provide 802.1X
authentication, but can they automatically set the VLAN once the client has
authenticated ?
Can they provide a default VLAN for failed auth?
As stated on the package, the switch should understand the following parameters
:
Tunnel-Type = VLAN
Tunnel-Medium-Type = IEEE-802
Tunnel-Private-Group-ID = My_ID
Any feed back on implementing this VLAN attribution feature with FreeRadius and
xxx switch will be welcome.
Switch brands supporting this feature is also of interest.
Thanks.
--
- Grégory Bernard Director -
--- www.osnet.eu ---
-- Your provider of OpenSource appliances --
--
OSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetO
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
--
This message has been scanned for viruses and dangerous content by
mail.lasseters.com.au, and no infections were found.
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list