[RADIATOR] Dynamically assign VLAN to wireless clients

JHONNY FREIRE DE OLIVEIRA joliveira at ul.pt
Tue Nov 16 09:47:11 CST 2010


Hi,

We are currently doing this in two steps:

1º we change the VLAN based on a LDAP attribute (this could be done based on groups as well, I think) with an extra "Auth By";
2º since we have several domains and we don't usually fill the VLAN into the LDAP,  we split each domain to its own VLAN with a PostAuthHook we have modified for this purpose (this only as effect if the VLAN was not set in the previous step);

If you want I can provide the configuration guidelines and the hook.

Regards,
___________________________________________________________________________
Jhonny Freire de Oliveira

Núcleo de Sistemas, Infra-estruturas e Segurança
 // Área de Sistemas e Comunicações // Serviços Tecnológicos
SERVIÇOS PARTILHADOS DA UNIVERSIDADE DE LISBOA
SHARED SERVICES OF THE UNIVERSITY OF LISBON
Email: joliveira at ul.pt // Tel: +351  210 443 441 // Tel: +351  967 610 703 // Ext: 30251




Alameda da Universidade, Cidade Universitária
1649-004 Lisboa
www.sp.ul.pt

-----Original Message-----
From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au] On Behalf Of Patrick Renkens
Sent: sexta-feira, 12 de Novembro de 2010 16:32
To: radiator at open.com.au
Subject: [RADIATOR] Dynamically assign VLAN to wireless clients


Hi All,

We would like to dynamically assign VLAN's to wireless clients.
All of the authentication process (inner and outer tunnel etc.) runs OK,
but the last step should be assigning a dynamic VLAN ID
(Tunnel-Private-Group-ID) to the client in a short range of ID's.

Can this be done, and if so, how?

I already wrote a small PostAuthHook that can generate a random VLAN-ID
within this short range of ID's. It replaces the default
Tunnel-Private-Group-ID in the reply-packet with the generated ID, but
it doesn't do the trick. It does replace the Tunnel-Private-Group-ID but
is has no affect on the process (so it seems).

The reason for this feature is that the current VLAN is too small and we
prefer to have several VLAN's for the wireless clients instead of a much
larger single VLAN.

Any other ideas or workarounds are also appreciated.

Kind regards,
Patrick Renkens
  Centre for Information Services (UCI)
  Radboud University Nijmegen, Netherlands


_______________________________________________
radiator mailing list
radiator at open.com.au
http://www.open.com.au/mailman/listinfo/radiator


More information about the radiator mailing list