Why not use public secure password forwarding?
" Public Secure Packet Forwarding (PSPF) prevents client devices associated to an access point from inadvertently sharing files or communicating with other client devices associated to the access point. It provides Internet access to client devices without providing other capabilities of a LAN. This feature is useful for public wireless networks like those installed in airports or on college campuses."
http://www.cisco.com/en/US/products/hw/wireless/ps4570/ products_configuration_guide_chapter09186a00802085c3.html#wp1038494
On May 25, 2004, at 8:27 AM, Dan Armstrong wrote:
(this is now kind of off the topic of radius but... )
Yes, it is a bit heavy.... What this is really doing is kind of sort of mimicking "private VLANs" in the Catalyst sense. Where each user in a VLAN cannot see each other, but they can all send traffic towards one assigned port...
I am playing chicken with the Cisco development team. By the time I run into a hard limit somewhere, I am hoping they will have coded private VLANs into the Aironets....
Artur Hecker wrote:
i don't know, but i would say execute an external program which reads a VLAN list file and attibutes and marks as used the next unused VLAN.
but you will end up with #VLANs = #users... it's pretty heavy (pull all the VLANs from all APs to the switches) and quite limited, isn't it?
ciao artur
Dan Armstrong wrote:
I know this idea is a bit whacked, but if anybody can think of a creative way I might be able to achieve it - I would be eternally grateful...
We are authenticating wireless users from a Cisco Aironet (1100/1200). I know that I can pass back a VLAN to plop the user into, once authenticated.
What I want to do is have radius keep a "pool" of VLANs, and each time a user is authenticated, they end up in the next VLAN. It would also have to return disconnected vlans back into the pool for reuse.
Any thoughts?
(If there is no relatively simple way to do this, I do have budget if anybody out there wants to help code it)
:-)
Thanks,
Dan.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
