> I think part of my problem is that I do not have the vlans defined in the
> Access Point. I incorrectly assumed that the AP would receive the vlan info
> from the Radius server, and tag all outgoing packets from the wireless
> client with that tag. However, I'm starting to think that that is completely
> incorrect?! I should probably be creating all the vlans within the AP right?

It really depends on your Access Point.
I use a Strix access point on which you do not have to define the vlans
on the AP: you only have to set the interface to trunk mode (Tagged)
and the AP uses the vlan assigned by the radius server for the wireless
client.
=> this is the most common scenario
However on my Proxim AP2000, I have to define some hidden SSIDs to the
several vlans that can be affected by the radius server:
* the wireless client authenticates itself to the broadcasted SSID
(statically assigned a wrong vlan)
* the radius server replies Access-Accept and assigns the vlan tag
* the AP transparently retries an authentication of the client on the
hidden SSID that corresponds to this vlan
As you can see everything depends on your AP features.

> If that's the case, it looks like I need a separate SSID per Vlan (using
> Avaya gear here). I really hope that is not the case

First of all, you have to determine if the radius server is replying
Access-Accept and assigning the vlan tag. See the radiusd -X log.
Thibault
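
One way to run the check suggested above over captured `radiusd -X` output, as an added example that is not part of the original thread: it looks for the RFC 3580 tunnel attributes (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-Id) in each Access-Accept. The sample log lines are constructed, and the debug line layout is an assumption that varies between FreeRADIUS versions.

```python
import re

# RFC 3580 attributes an Access-Accept must carry for dynamic VLAN assignment
# (names or their numeric values: VLAN = 13, IEEE-802 = 6).
REQUIRED = {"Tunnel-Type": {"VLAN", "13"},
            "Tunnel-Medium-Type": {"IEEE-802", "6"}}
VLAN_ATTR = "Tunnel-Private-Group-Id"

# Assumed layout: optional "(n)" request prefix, optional ":tag" after the name.
ATTR_RE = re.compile(
    r'^\s*(?:\(\d+\)\s+)?([A-Za-z0-9-]+)(?::\d+)?\s*=\s*"?([^"]*)"?\s*$')
ACCEPT_RE = re.compile(r'\b(?:Sending|Sent) Access-Accept\b')


def check_accepts(debug_text):
    """Return one report per Access-Accept: assigned VLAN and missing attributes."""
    accepts, current = [], None
    for line in debug_text.splitlines():
        if ACCEPT_RE.search(line):
            current = {}
            accepts.append(current)
            continue
        m = ATTR_RE.match(line) if current is not None else None
        if m:
            current[m.group(1).lower()] = m.group(2).strip()
        else:
            current = None  # the attribute list of this reply has ended
    reports = []
    for attrs in accepts:
        missing = [n for n, ok in REQUIRED.items() if attrs.get(n.lower()) not in ok]
        vlan = attrs.get(VLAN_ATTR.lower())
        if not vlan:
            missing.append(VLAN_ATTR)
        reports.append({"vlan": vlan, "missing": missing})
    return reports


# Constructed sample: one reply that assigns VLAN 20, one that cannot assign any.
SAMPLE = '''\
Sending Access-Accept of id 12 to 192.0.2.10 port 1645
\tTunnel-Type:0 = VLAN
\tTunnel-Medium-Type:0 = IEEE-802
\tTunnel-Private-Group-Id:0 = "20"
Finished request 0.
(1) Sent Access-Accept Id 13 from 192.0.2.1:1812 to 192.0.2.10:1645 length 0
(1)   Tunnel-Type = VLAN
(1) Finished request
'''

if __name__ == "__main__":
    for report in check_accepts(SAMPLE):
        print(report)
```

An empty `missing` list means the server side is doing its part, and any remaining problem lies in how the AP handles the assigned vlan.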