[RADIATOR] Dynamically assign VLAN to wireless clients

Heikki Vatiainen hvn at open.com.au
Mon Dec 20 10:01:40 CST 2010


On 12/20/2010 05:25 PM, Patrick Renkens wrote:

> PostAuthHook to replace the default Tunnel-Private-Group-ID in the
> reply-packet with the generated ID now runs OK.
> 
> I placed the PostAuthHook after the AuthBy clause in the handler for the
> outer tunnel. At first glance, it works.
> But we assume that a re-authentication - for whatever reason - will
> possibly place the wireless client in a different VLAN.
> Is there a way to preserve this behaviour, or to keep the session intact
> with a re-authentication?

If I understood correctly, you have the same requirement that was
discussed on this list previously:

http://www.open.com.au/pipermail/radiator/2010-November/016769.html

Please check the thread and see if

EAPTLS_SessionResumption 0

does the trick for you.

Thanks!


> Kind regards,
> Patrick Renkens
>   Centre for Information Services (UCI)
>   Radboud University Nijmegen, Netherlands
> 
> 
> 
> 
> On 12-11-2010 17:31, Patrick Renkens wrote:
>>
>> Hi All,
>>
>> We would like to dynamically assign VLANs to wireless clients.
>> All of the authentication process (inner and outer tunnel etc.) runs OK,
>> but the last step should be assigning a dynamic VLAN ID
>> (Tunnel-Private-Group-ID) to the client in a short range of IDs.
>>
>> Can this be done, and if so, how?
>>
>> I already wrote a small PostAuthHook that can generate a random VLAN-ID
>> within this short range of IDs. It replaces the default
>> Tunnel-Private-Group-ID in the reply-packet with the generated ID, but
>> it doesn't do the trick. It does replace the Tunnel-Private-Group-ID but
>> it has no effect on the process (so it seems).
>>
>> The reason for this feature is that the current VLAN is too small and we
>> prefer to have several VLANs for the wireless clients instead of a much
>> larger single VLAN.
>>
>> Any other ideas or workarounds are also appreciated.
>>
>> Kind regards,
>> Patrick Renkens
>>   Centre for Information Services (UCI)
>>   Radboud University Nijmegen, Netherlands
>>
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>>


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
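
An added example, not part of the original thread and not Radiator's or the poster's own code: a hook body that derives the VLAN from a hash of the client's Calling-Station-Id instead of a random number, so a re-authentication of the same client yields the same Tunnel-Private-Group-ID. The VLAN range 100-107, the choice of Calling-Station-Id as the key, and the names `stable_vlan`, `vlan_hook` and `FakePacket` are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: derive the VLAN from a stable client key instead of rand(),
# so every re-authentication of the same client yields the same VLAN ID.
use strict;
use warnings;
use Digest::SHA qw(sha256);

# Assumed VLAN range; the thread only says "a short range of IDs".
my ($VLAN_MIN, $VLAN_MAX) = (100, 107);

# Map a client key to a VLAN in [$min, $max]. Same key, same VLAN.
sub stable_vlan {
    my ($key, $min, $max) = @_;
    die "bad VLAN range\n" unless $min <= $max;
    # Normalise MAC formatting (AA-BB-.., aa:bb:.., aabb.ccdd..) before hashing.
    (my $norm = lc $key) =~ s/[^0-9a-f]//g;
    $norm = lc $key if length($norm) != 12;   # not a MAC: hash it as given
    my $n = unpack('N', sha256($norm));       # first 32 bits of the digest
    return $min + $n % ($max - $min + 1);
}

# Hook body in the shape Radiator passes to PostAuthHook: references to the
# request, the reply, the result and the reason. Inside Radiator, also return
# early unless ${$_[2]} == $main::ACCEPT so only accepts are rewritten.
sub vlan_hook {
    my ($p, $rp) = (${$_[0]}, ${$_[1]});
    my $key = $p->get_attr('Calling-Station-Id');
    return unless defined $key && length $key;  # leave the default VLAN alone
    $rp->change_attr('Tunnel-Private-Group-ID',
                     stable_vlan($key, $VLAN_MIN, $VLAN_MAX));
    return;
}

# Constructed stand-in for Radiator's packet object, for an offline run only.
package FakePacket;
sub new         { my ($c, %a) = @_; return bless {%a}, $c }
sub get_attr    { return $_[0]{$_[1]} }
sub change_attr { $_[0]{$_[1]} = $_[2]; return }

package main;
# Constructed sample clients: the first two are one MAC in two notations.
for my $mac ('00-1A-2B-3C-4D-5E', '00:1a:2b:3c:4d:5e', '001a.2b3c.4d5f') {
    my $req   = FakePacket->new('Calling-Station-Id' => $mac);
    my $reply = FakePacket->new('Tunnel-Private-Group-ID' => 100);
    vlan_hook(\$req, \$reply);
    printf "%-18s -> VLAN %s\n", $mac, $reply->get_attr('Tunnel-Private-Group-ID');
}
```

Calling-Station-Id is supplied by the client side and can be changed by the user, so this mapping is suitable for spreading clients across equivalent VLANs, as in the thread, and not for placing clients into VLANs with different access rights.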

