Re: Hash username or mac address to assign user to different vlan

2011-03-03 Thread John Douglass
Here at Georgia Tech, I had to design a system to do VLAN steering based on a number of criteria (including hashing based on MAC). Because I know MySQL and the like MUCH better than FreeRADIUS configuration, that's where we moved the logic to by using stored functions. This system also has

Re: Hash username or mac address to assign user to different vlan

2011-02-18 Thread Dean, Barry
I have been asked to do just this and I am working on the solution now. We wanted to use multiple pools of VLANs/Subnets and assign Staff to one pool and Students# to the other. Then to select a VLAN within the pool, use a hashing function and select a VLAN. One concern I have is when is

Re: Hash username or mac address to assign user to different vlan

2011-02-18 Thread Phil Mayers
On 18/02/11 14:16, Dean, Barry wrote: I have been asked to do just this and I am working on the solution now. We wanted to use multiple pools of VLANs/Subnets and assign Staff to one pool and Students# to the other. Then to select a VLAN within the pool, use a hashing function and select a

Re: Hash username or mac address to assign user to different vlan

2011-02-18 Thread schilling
Could you share your configuration and Perl script? So I can learn from it? I am thinking of using LDAP status to decide the pool, then hashing MAC address of the client to get different VLAN. This is actually similar to how some vendor VLAN pool works, except we are not trying to get same result

Re: Hash username or mac address to assign user to different vlan

2011-02-18 Thread schilling
What's your biggest subnet for the wireless? How do you deal with excessive broadcast protocols? Thanks, Schilling On Fri, Feb 18, 2011 at 9:26 AM, Phil Mayers p.may...@imperial.ac.uk wrote: On 18/02/11 14:16, Dean, Barry wrote: I have been asked to do just this and I am working on the

Re: Hash username or mac address to assign user to different vlan

2011-02-18 Thread Phil Mayers
On 18/02/11 14:29, schilling wrote: Could you share your configuration and Perl script? So I can learn from it? I am thinking of using LDAP status to decide the pool, then hashing MAC address of the client to get different VLAN. It seems like a lot of people are suddenly wanting to do this. Can

Re: Hash username or mac address to assign user to different vlan

2011-02-18 Thread Phil Mayers
On 18/02/11 14:34, schilling wrote: What's your biggest subnet for the wireless? Our entire wireless network is one /19, but our wireless system is a Cisco lightweight that does clever things with broadcast, DHCP and ARP traffic. However, we have lots of wired subnets which are /21, some

Re: Hash username or mac address to assign user to different vlan

2011-02-18 Thread Gary Gatten
Lol, probably. If these are large 802.11x nets, typically deployments of that scale use dumb WAPs and smart controllers that handle the load sharing. If they're wired nets, doesn't make any sense to me. - Original Message - From: Phil Mayers [mailto:p.may...@imperial.ac.uk] Sent:

Re: Hash username or mac address to assign user to different vlan

2011-02-18 Thread schilling
I can explain my environment. We are migrating from traditional captive portal to new 802.1x WPA2-Enterprise, from fat AP to controller based wireless architecture. Wireless mobility comes into play too. At the same time, how to maintain the traditional source-based IP ACL/Firewall? We already

Re: Hash username or mac address to assign user to different vlan

2011-02-18 Thread Kenneth Marshall
On Fri, Feb 18, 2011 at 02:16:25PM +, Dean, Barry wrote: I have been asked to do just this and I am working on the solution now. We wanted to use multiple pools of VLANs/Subnets and assign Staff to one pool and Students# to the other. Then to select a VLAN within the pool, use a

Re: Hash username or mac address to assign user to different vlan

2011-02-18 Thread Phil Mayers
On 18/02/11 14:52, schilling wrote: I can explain my environment. This is getting OT for the list, and will be my last post. We are migrating from traditional captive portal to new 802.1x WPA2-Enterprise, from fat AP to controller based wireless architecture. Wireless mobility comes into

Re: Hash username or mac address to assign user to different vlan

2011-02-18 Thread Kenneth Marshall
On Fri, Feb 18, 2011 at 02:36:55PM +, Phil Mayers wrote: On 18/02/11 14:29, schilling wrote: Could you share your configuration and Perl script? So I can learn from it? I am thinking of using LDAP status to decide the pool, then hashing MAC address of the client to get different VLAN. It

Re: Hash username or mac address to assign user to different vlan

2011-02-18 Thread Dean, Barry
On 18 Feb 2011, at 14:26, Phil Mayers wrote: On 18/02/11 14:16, Dean, Barry wrote: I have been asked to do just this and I am working on the solution now. We wanted to use multiple pools of VLANs/Subnets and assign Staff to one pool and Students# to the other. Then to select a VLAN

Re: Hash username or mac address to assign user to different vlan

2011-02-18 Thread Kenneth Marshall
On Fri, Feb 18, 2011 at 03:00:48PM +, Phil Mayers wrote: On 18/02/11 14:52, schilling wrote: I can explain my environment. This is getting OT for the list, and will be my last post. We are migrating from traditional captive portal to new 802.1x WPA2-Enterprise, from fat AP to controller

Re: Hash username or mac address to assign user to different vlan

2011-02-18 Thread Kenneth Marshall
On Fri, Feb 18, 2011 at 03:02:49PM +, Dean, Barry wrote: On 18 Feb 2011, at 14:26, Phil Mayers wrote: On 18/02/11 14:16, Dean, Barry wrote: I have been asked to do just this and I am working on the solution now. We wanted to use multiple pools of VLANs/Subnets and assign Staff

Re: Hash username or mac address to assign user to different vlan

2011-02-18 Thread Phil Mayers
Yep, I was referring to the entries I see in my logs for Interim-Update, which is of course an Accounting record, and I had always assumed this went with an Auth as well, but have never looked in detail to see! So I am most likely talking rubbish! No, that's accounting, which is completely

Re: Hash username or mac address to assign user to different vlan

2011-02-18 Thread Alexander Clouter
Phil Mayers p.may...@imperial.ac.uk wrote: How do you deal with excessive broadcast protocols? We do nothing. We used to be very worried about this, but in practice we've found it's a non-existent problem. The world isn't 10Mbit/half-duplex ethernet any more ;o) ...it supposedly nukes

Re: Hash username or mac address to assign user to different vlan

2011-02-17 Thread Kenneth Marshall
On Thu, Feb 17, 2011 at 02:06:18PM -0500, schilling wrote: Hi All, I get dynamic VLAN assignment working in post-auth section with help/hints from a lot of list members. Now I want to do one more step. I would like to hash the username or MAC address to distribute users to different VLANs.

Re: Hash username or mac address to assign user to different vlan

2011-02-17 Thread Alexander Clouter
schilling schilling2...@gmail.com wrote: I get dynamic VLAN assignment working in post-auth section with help/hints from a lot of list members. Now I want to do one more step. I would like to hash the username or MAC address to distribute users to different VLANs. The idea is to use

Re: Hash username or mac address to assign user to different vlan

2011-02-17 Thread Brett Littrell
I agree breaking the network up into separate VLANs then routing between them would help with broadcasting but I do not agree that hashing values and then using those hashing values as we randomizing agents to distribute vlans. There has to be a more elegant way to do this, I believe there

Re: Hash username or mac address to assign user to different vlan

2011-02-17 Thread Kenneth Marshall
On Thu, Feb 17, 2011 at 02:26:14PM -0800, Brett Littrell wrote: I agree breaking the network up into separate VLANs then routing between them would help with broadcasting but I do not agree that hashing values and then using those hashing values as we randomizing agents to distribute

Re: Hash username or mac address to assign user to different vlan

2011-02-17 Thread Gary Gatten
OT from OP question, but have you ever thought of PVLANs, VACLs, PACLs, broadcast storm control, etc.? Not sure how many users you're talking about, and what apps, but with prudent configs many thousands of users can exist on a single VLAN without concern. - Original Message - From: