Here at Georgia Tech, I had to design a system to do VLAN steering based
on a number of criteria (including hashing based on MAC). Because I know
MySQL and the like MUCH better than freeradius configuration, that's
where we moved the logic to by using stored functions.
This system also has the
Phil Mayers wrote:
>
>> How do you deal with excessive broadcast protocols?
>
> We do nothing. We used to be very worried about this, but in practice
> we've found it's a non-existent problem. The world isn't
> 10Mbit/half-duplex ethernet any more ;o)
>
...it supposedly nukes the ability for w
Yep, I was referring to the entries I see in my logs for
"Interim-Update", which is of course an Accounting record, and I had
always assumed this went with an Auth as well, but have never looked
in detail to see! So I am most likely talking rubbish!
No, that's accounting, which is completely
On Fri, Feb 18, 2011 at 03:02:49PM +, Dean, Barry wrote:
>
> On 18 Feb 2011, at 14:26, Phil Mayers wrote:
>
> > On 18/02/11 14:16, Dean, Barry wrote:
> >> I have been asked to do just this and I am working on the solution
> >> now.
> >>
> >> We wanted to use multiple pools of VLANs/Subnets a
On Fri, Feb 18, 2011 at 03:00:48PM +, Phil Mayers wrote:
> On 18/02/11 14:52, schilling wrote:
>> I can explain my environment.
>
> This is getting OT for the list, and will be my last post.
>
>> We are migrating from traditional captive portal to new 802.1x
>> WPA2-Enterprise, from fat AP to c
On 18 Feb 2011, at 14:26, Phil Mayers wrote:
> On 18/02/11 14:16, Dean, Barry wrote:
>> I have been asked to do just this and I am working on the solution
>> now.
>>
>> We wanted to use multiple pools of VLANs/Subnets and assign "Staff"
>> to one pool and "Students"# to the other. Then to select
On Fri, Feb 18, 2011 at 02:36:55PM +, Phil Mayers wrote:
> On 18/02/11 14:29, schilling wrote:
>> Could you share your configuration and perl script? So I can learn from
>> it?
>> I am thinking of use ldap status to decide the pool, then hashing mac
>> address of the client to get different VL
On 18/02/11 14:52, schilling wrote:
I can explain my environment.
This is getting OT for the list, and will be my last post.
We are migrating from traditional captive portal to new 802.1x
WPA2-Enterprise, from fat AP to controller based wireless
architecture, Wireless mobility comes into pla
On Fri, Feb 18, 2011 at 02:16:25PM +, Dean, Barry wrote:
> I have been asked to do just this and I am working on the solution now.
>
> We wanted to use multiple pools of VLANs/Subnets and assign "Staff" to one
> pool and "Students"# to the other. Then to select a VLAN within the pool, use
>
I can explain my environment.
We are migrating from traditional captive portal to new 802.1x
WPA2-Enterprise, from fat AP to controller based wireless
architecture, Wireless mobility comes into play too. At the same
time, how to maintain the traditional source-based IP ACL/Firewall? We
already im
c.uk]
Sent: Friday, February 18, 2011 08:36 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: Hash username or mac address to assign user to different vlan
On 18/02/11 14:29, schilling wrote:
> Could you share your configuration and perl script? So I can learn from it?
> I am thinking of
On 18/02/11 14:34, schilling wrote:
what's your biggest subnet for the wireless?
Our entire wireless network is one /19, but our wireless system is a
Cisco lightweight that does "clever" things with broadcast, DHCP and ARP
traffic.
However, we have lots of wired subnets which are /21, some
On 18/02/11 14:29, schilling wrote:
Could you share your configuration and perl script? So I can learn from it?
I am thinking of use ldap status to decide the pool, then hashing mac
address of the client to get different VLAN.
It seems like a lot of people are suddenly wanting to do this.
Can
what's your biggest subnet for the wireless? How do you deal with
excessive broadcast protocols?
Thanks,
Schilling
On Fri, Feb 18, 2011 at 9:26 AM, Phil Mayers wrote:
> On 18/02/11 14:16, Dean, Barry wrote:
>>
>> I have been asked to do just this and I am working on the solution
>> now.
>>
>> W
Could you share your configuration and perl script? So I can learn from it?
I am thinking of use ldap status to decide the pool, then hashing mac
address of the client to get different VLAN.
This is actually similar to how some vendor VLAN pool works, except we
are not trying to get same result as
On 18/02/11 14:16, Dean, Barry wrote:
I have been asked to do just this and I am working on the solution
now.
We wanted to use multiple pools of VLANs/Subnets and assign "Staff"
to one pool and "Students"# to the other. Then to select a VLAN
within the pool, use a hashing function and select a V
I have been asked to do just this and I am working on the solution now.
We wanted to use multiple pools of VLANs/Subnets and assign "Staff" to one pool
and "Students"# to the other. Then to select a VLAN within the pool, use a
hashing function and select a VLAN.
One concern I have is when is po
sage -
From: Kenneth Marshall [mailto:k...@rice.edu]
Sent: Thursday, February 17, 2011 05:52 PM
To: FreeRadius users mailing list
Subject: Re: Hash username or mac address to assign user to different vlan
On Thu, Feb 17, 2011 at 02:26:14PM -0800, Brett Littrell wrote:
> I agree break
On Thu, Feb 17, 2011 at 02:26:14PM -0800, Brett Littrell wrote:
> I agree breaking the network up into separate VLANs then routing between
> them would help with broadcasting but I do not agree that hashing values and
> then using those hashing values as we randomizing agents to distribute vl
I agree breaking the network up into separate VLANs then routing between
them would help with broadcasting but I do not agree that hashing values and
then using those hashing values as we randomizing agents to distribute vlans.
There has to be a more elegant way to do this, I believe there
schilling wrote:
>
> I get dynamic VLAN assignment working in post-auth section with
> help/hints from a lot of list members. Now I want to do one more
> steps. I would like to hash the username or mac-address to distribute
> users to different VLANs. The idea is to use freeradius to spread th
On Thu, Feb 17, 2011 at 02:06:18PM -0500, schilling wrote:
> Hi All,
>
> I get dynamic VLAN assignment working in post-auth section with
> help/hints from a lot of list members. Now I want to do one more
> steps. I would like to hash the username or mac-address to distribute
> users to different V
Hi All,
I get dynamic VLAN assignment working in post-auth section with
help/hints from a lot of list members. Now I want to do one more
steps. I would like to hash the username or mac-address to distribute
users to different VLANs. The idea is to use freeradius to spread the
load on different sma
23 matches
Mail list logo