(RADIATOR) Help understanding handlers to allow a guest vlan fallback on wireless

Jeff Wolfe wolfe at ems.psu.edu
Thu Dec 2 17:37:10 CST 2004 

doc at dcclrt.co.uk wrote:
> Hi again Hugh and All,

> 
> A client with a laptop walks on site and wants to access the web. By 
> associating with the AP the client is given the AP's native vlan and as 
> authentication is not required but optional the client is able to browse 
> web pages. The client decides to install the 802.1x client we use in 
> order to gain full access to the network. Having installed the client 
> and successfully authenitcated the client is placed into a "full access" 
> vlan.
> 
> The problem I am having is that having set a Native vlan ID of 2 on the 
> AP I expected to be given that vlan when I associate with the AP in 
> order to just web browse. However I am given a vlan id of 1. This seems 
> somewhat strange.
> If there is no 802.1x authentication attempt then Radiator cannot assign 
> a vlan, and my previous idea of a default vlan in the radius config file 
> will not work. So by using a default vlan on the AP and a "full access" 
> vlan being assigned after successfull 802.1x authentication, we would 
> achieve our desired scenario.
> 
> Does anyone have anything similar to this scenario at all ?
> Anyway if anyone can help at all that would be great.

We achieve a similar effect with a different setup.. Our Cisco APs have 
2 SSIDs configured, one for .1x, and one for "public" use. We beacon the 
public SSID, so users can see and associate with it. At the same time, 
users with the .1x client are configured to use the .1x SSID and are 
dropped into a "full access" vlan when they do .1x authentication.

Of course, you have to be able to run multiple SSIDs tied to multiple 
VLANs on your APs for that to work.. :\

I read your posts with some interest because I want to go back and set 
things up so I can put the .1x clients into a particular vlan based on a 
table lookup, but I haven't had enough  round tuits to work on it yet.


-JEff

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list