List: freeradius-users
Subject: Re: 802.1x issues with different NAS' types
From: Alan DeKok <aland () deployingradius ! com>
Date: 2021-03-24 11:39:21
Message-ID: 13F06DED-3301-422D-9766-45DF7C05BD47 () deployingradius ! com
On Mar 24, 2021, at 7:15 AM, Marco Miglietta <marco.miglietta@unisalento.it> wrote:
> In order to solve the problem in passing VLAN related attribute during 802.1x
> authentication with Aruba AP, I found the post below useful. But this caused
> problems with VLAN assignment on Juniper switches during the 802.1x authentication
> process. What is a way to solve the problem? The solutions seem to be mutually
> exclusive.
There is not a unique "the problem" which is being solved. Instead, there is a whole grab-bag of issues.
IF you want to apply policies based on "real" name, THEN for PEAP / TTLS, that real name is only available in the inner tunnel. AND THEN you have to apply the policies in the inner tunnel, and then copy the results to the outer reply.
IF you want to apply policies based on things like MAC addresses, THEN those addresses are always available (you don't need inner-tunnel). AND THEN you can just apply policies in the "default" outer virtual server.
There is no "magic set of incantations" which will make FreeRADIUS do what you want. You have to understand what's going on, including understanding how FreeRADIUS works. And only then can you configure the server to do it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
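
The two policy placements described in the message above, as an added configuration sketch that is not part of the original post and not FreeRADIUS's shipped configuration. It assumes FreeRADIUS 3.0.x unlang syntax; the realm, MAC address and VLAN IDs are constructed values, and the MAC format must match what the NAS actually sends in Calling-Station-Id.

```unlang
# Assumption: FreeRADIUS 3.0.x. Realm, MAC address and VLAN IDs are constructed.

# --- sites-enabled/inner-tunnel: inside the existing post-auth section ---
post-auth {
	# For PEAP / TTLS the real user name is only visible in the inner tunnel,
	# so a name-based VLAN policy has to be applied here.
	if (&User-Name =~ /@staff\.example\.org$/) {
		update reply {
			&Tunnel-Type := VLAN
			&Tunnel-Medium-Type := IEEE-802
			&Tunnel-Private-Group-Id := "100"
		}
	}

	# Hand the inner reply to the outer session so the outer server
	# can copy it into the final Access-Accept.
	update {
		&outer.session-state: += &reply:
	}
}

# --- sites-enabled/default: inside the existing post-auth section ---
post-auth {
	# Copy the results decided in the inner tunnel to the outer reply.
	update {
		&reply: += &session-state:
	}

	# MAC-based policy needs no inner tunnel: Calling-Station-Id is
	# present in the outer request. Which policy should win when both
	# a name rule and a MAC rule match is a site decision.
	if (&Calling-Station-Id == "00-11-22-33-44-55") {
		update reply {
			&Tunnel-Type := VLAN
			&Tunnel-Medium-Type := IEEE-802
			&Tunnel-Private-Group-Id := "200"
		}
	}
}
```

The sketch only shows where each kind of policy lives; it does not address differences in which reply attributes a particular NAS vendor expects.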