Hi,

> Yes, of course I'll have to use a Radius server, and many forums say that
> if you put the Mac address in both username and password, it will
> authenticate if - in the switch - you use Mab... And that's exactly what I
> tried to do, but it did not authenticate... Am I doing sth wrong?

you need to check the format that the requests come through as, basically you need to just ACCEPT on that user-name

> So correct me if I'm wrong : I'll have to uncomment the mac2vlan on vmps
> file, add MAC-ADD,VLAN-NAME to mac2vlan, change the listening port to 1598
> and the auth type to vmps on radiusd.conf, and that's that?
> It's just that... I don't exactly see how dynamic vlan assignment works if
> you only use a flat list, vmps only shows how to query the DB..

you don't need to change any listener etc in radiusd.conf - there is a VMPS virtual-server you need to activate. THAT has the listening port.

if you want to use eg dynamic VLAN assignments then you need to do the clever stuff in the database. in the same vmps virtual server you will see an 'example' in the update reply{} section - commented out by default

    #VMPS-VLAN-Name = "%{sql:select ... where mac='%{VMPS-Mac}'}"

so, if a MAC has been banned, you ensure its eg 'vlan' value is changed in your DB so the query will return.

we don't use this method, instead we call a PERL module which has all of our logic/checks/bans etc in it - this was originally migrated from openvmpsd (which was a good system but not multi-threaded and couldn't handle eg simultaneous queries from 48 port switches... VMPS is dumb it just updates ALL ports unlike MAB/802.1X which are on separate timers).

when FR supported VMPS I got very excited...and we migrated overnight

alan
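
The lookup described in the reply above (work out which notation the MAC arrives in, map it to a VLAN, divert banned MACs), as a stand-alone Python example. It is added here and is not part of the original post, of FreeRADIUS, or of the poster's Perl module; the sample MACs, the `quarantine` VLAN name and all function names are assumptions.

```python
import re

# Constructed sample data: a flat "MAC,VLAN-NAME" list like the mac2vlan
# file discussed above, plus a ban list. All values are made up.
MAC2VLAN_TEXT = """\
# MAC,VLAN-NAME
00:11:22:33:44:55,staff
0011.2233.4466,printers
00-11-22-33-44-77,labs
"""
BANNED = {"00:11:22:33:44:77"}
QUARANTINE_VLAN = "quarantine"  # hypothetical VLAN name

# Each common notation must match as a whole; mixed separators are refused.
_MAC_RE = re.compile(
    r"[0-9a-f]{12}"                      # 001122334455
    r"|[0-9a-f]{2}(?::[0-9a-f]{2}){5}"   # 00:11:22:33:44:55
    r"|[0-9a-f]{2}(?:-[0-9a-f]{2}){5}"   # 00-11-22-33-44-55
    r"|[0-9a-f]{4}(?:\.[0-9a-f]{4}){2}"  # 0011.2233.4455
)

def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if raw is not a MAC."""
    value = raw.strip().lower()
    if not _MAC_RE.fullmatch(value):
        return None
    return re.sub(r"[^0-9a-f]", "", value)

def load_mac2vlan(text):
    """Parse 'MAC,VLAN-NAME' lines; comments and bad rows are skipped."""
    table = {}
    for line in text.splitlines():
        mac, _, vlan = line.split("#", 1)[0].strip().partition(",")
        key = normalize_mac(mac)
        if key and vlan.strip():
            table[key] = vlan.strip()
    return table

def vlan_for(raw_mac, table, banned):
    """VLAN name for a MAC in any notation; None means no assignment."""
    key = normalize_mac(raw_mac)
    if key is None:
        return None              # malformed input never matches an entry
    if key in banned:
        return QUARANTINE_VLAN   # ban overrides the normal mapping
    return table.get(key)

TABLE = load_mac2vlan(MAC2VLAN_TEXT)
BANNED_KEYS = {normalize_mac(m) for m in BANNED}
```

Normalizing both the stored entries and the incoming value to one form is what makes the lookup independent of the notation the switch happens to send.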