2) " set the switch to use RADIUS return attributes for VLAN (and for session time etc) and set the fail VLAN and guest VLAN to Y" => that's really what i want to do so in my users file
myuser Cleartext-Password := "user" Tunnel-type = VLAN, Tunnel-Medium-Type = 802, Tunnel-Private-Group-ID = "666" Session-Timeout = "28800" Termination-Action = "RADIUS-Request" but how to set the fail VLAN and guest VLAN to Y ??? many thanks PS: "you should never use VLAN1 for users - most would say you shouldnt use VLAN1 for anything on cisco kit - its the default native vlan." => sure!!! 2010/3/3 Alan Buxey <a.l.m.bu...@lboro.ac.uk> > Hi, > > Hello, > > > > so i would like to redirect my winxp authenticated to VLAN1 and if not > authenticated , this client must be in vlan2 > > > > i got a switch cisco > > > > so how to handla this with freeradius? > > > read the cisco docs on dealing with 802.1X. > > you should never use VLAN1 for users - most would say you shouldnt use > VLAN1 > for anything on cisco kit - its the default native vlan. > > > what you need to do is set the port on the switch to do 802.1X...then you > can either > do the following > > > 1) set the access vlan to X, then se the fail VLAN to Y and the guest VLAN > to Y > > or (my preferred way) > > 2) set the switch to use RADIUS return attributes for VLAN (and for session > time etc) > and set the fail VLAN and guest VLAN to Y > > > where X is the access vlan for auth and Y is the chosen fail vlan > > > why do method 2? well, its then easy/quick to change the VLAN returned to > the switch > no matter where on campus/site/infrastructure - its all done via decisions > made > on the radius server. > > > the return attributeS? > > > 'Tunnel-Medium-Type'} = "IEEE-802" > 'Tunnel-Type' = "VLAN" > 'Tunnel-Private-Group-Id' = "666" > 'Session-Timeout' = "28800" > 'Termination-Action' = "RADIUS-Request" > > that would set the VLAN to be 666 with an 8 hour timeout. > > these can be set via users file, SQL, perl, python etc. we use a PERL > script in the post-auth section > > > > alan > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html