
List:       freeradius-users
Subject:    Re: 802.1x issues with different NAS' types
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2021-03-24 11:39:21
Message-ID: 13F06DED-3301-422D-9766-45DF7C05BD47 () deployingradius ! com

On Mar 24, 2021, at 7:15 AM, Marco Miglietta <marco.miglietta@unisalento.it> wrote:
> In order to solve the problem in passing VLAN related attribute during 802.1x
> authentication with Aruba AP, I found the post below useful. But this caused
> problems with VLAN assignment on Juniper switches during the 802.1x authentication
> process. What is a way to solve the problem? The solutions seem to be mutually
> exclusive.

  There is not a unique "the problem" which is being solved.  Instead, there is a
whole grab-bag of issues.

  IF you want to apply policies based on "real" name, THEN for PEAP / TTLS, that real
name is only available in the inner tunnel.  AND THEN you have to apply the policies
in the inner tunnel, and then copy the results to the outer reply.

  IF you want to apply policies based on things like MAC addresses, THEN those
addresses are always available (you don't need inner-tunnel). AND THEN you can just
apply policies in the "default" outer virtual server.

  There is no "magic set of incantations" which will make FreeRADIUS do what you
want.  You have to understand what's going on, including understanding how FreeRADIUS
works.  And only then can you configure the server to do it.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
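
The two cases described in the reply above, as an added configuration sketch that is not part of the original message or the FreeRADIUS distribution. It assumes FreeRADIUS 3.0.x unlang; the realm, MAC prefix and VLAN IDs are constructed placeholders, and the fragments are meant to be merged into the existing post-auth sections of each virtual server.

```unlang
# Added example (assumes FreeRADIUS 3.0.x). Realm, MAC prefix and
# VLAN IDs below are constructed placeholders, not values from the thread.

# sites-enabled/inner-tunnel
server inner-tunnel {
	post-auth {
		# Inside PEAP/TTLS, User-Name is the real identity,
		# so identity-based policy has to be decided here.
		if (&User-Name =~ /@staff\.example\.org$/) {
			update reply {
				&Tunnel-Type := VLAN
				&Tunnel-Medium-Type := IEEE-802
				&Tunnel-Private-Group-Id := "20"
			}
		}

		# Hand the inner reply to the outer session. Filter it first
		# if it holds attributes the NAS should not receive.
		update {
			&outer.session-state: += &reply:
		}
	}
}

# sites-enabled/default
server default {
	post-auth {
		# Copy what the inner tunnel cached into the outer Access-Accept.
		update {
			&reply: += &session-state:
		}

		# MAC-based policy needs no tunnel: Calling-Station-Id is in
		# the outer request. The separator format differs between NAS
		# vendors, so the match tolerates '-', ':' and '.'.
		if (&Calling-Station-Id =~ /^00[-:.]?11[-:.]?22/i) {
			update reply {
				&Tunnel-Type := VLAN
				&Tunnel-Medium-Type := IEEE-802
				&Tunnel-Private-Group-Id := "30"
			}
		}
	}
}
```

Running the server with `radiusd -X` shows which virtual server handled each step and which attributes ended up in the final Access-Accept sent to each NAS type.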

