How to get dynamic vlan allocation working with custom LDAP

Hello, all - I am fairly new at this, and have been wracking my brain and the Internet for answers.



In my testbed environment, I have a Cisco access switch (a 2970) that is configured to authenticate wired connections via 802.1x. Authentication is working just fine against LDAP users via RADIUS using PEAP, but if my understanding is correct, three RADIUS attributes need to be passed back to the authenticating switch to process the correct VLAN assignment.


According to http://vuksan.com/linux/dot1x/802-1x-LDAP.html these attributes are:


radiusTunnelMediumType

radiusTunnelType

radiusTunnelPrivateGroupId


So, I would assume that these are attached with the user configuration information in the OpenDirectory record, yes? If so, how do I map these attributes into the schema, by hand? Are they automatically passed back to the switch post-EAP authentication?


I would greatly appreciate some insight anybody can offer. This is a stepping stone to rolling out X.509 certificates and smartcard authentication, so that'll be up next once I get dynamic VLAN assignments working.


Regards,

Jake

Xserve, Mac OS X (10.6.8)

Posted on Feb 1, 2012 9:43 AM

There are no replies.
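
An added example, not part of the original post or of the linked guide: the three LDAP attributes named in the question correspond to the RADIUS reply attributes Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-ID, which RFC 2868 and RFC 3580 define for 802.1X VLAN assignment. This Python code encodes them and checks an attribute list for a valid assignment; the function names and VLAN 20 are assumptions, and it covers only the attribute list, not the 20-byte RADIUS packet header.

```python
import struct

# Attribute numbers and values from RFC 2868 / RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6


def encode_vlan_attrs(vlan_id):
    """Return the three reply attributes as they appear on the wire."""
    def tagged_int(attr, value):
        # type, length=6, tag=0x00, 24-bit value
        return struct.pack("!BBB", attr, 6, 0) + value.to_bytes(3, "big")
    group = str(vlan_id).encode("ascii")  # the VLAN ID is sent as a string
    return (tagged_int(TUNNEL_TYPE, TYPE_VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, MEDIUM_IEEE_802)
            + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(group)) + group)


def parse_attrs(buf):
    """Split a RADIUS attribute list into {type: value bytes}; reject bad lengths."""
    attrs, i = {}, 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated attribute header")
        attr, length = buf[i], buf[i + 1]
        if length < 3 or i + length > len(buf):
            raise ValueError(f"bad length {length} for attribute {attr}")
        attrs[attr] = buf[i + 2:i + length]
        i += length
    return attrs


def assigned_vlan(buf):
    """Return the VLAN ID string if all three attributes are valid, else None."""
    attrs = parse_attrs(buf)
    t, m, g = (attrs.get(a) for a in
               (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID))
    if t is None or m is None or g is None:
        return None  # a missing attribute means no usable VLAN assignment
    if len(t) != 4 or int.from_bytes(t[1:], "big") != TYPE_VLAN:
        return None
    if len(m) != 4 or int.from_bytes(m[1:], "big") != MEDIUM_IEEE_802:
        return None
    if g[0] <= 0x1F:  # a leading octet in 0x00-0x1F is a tag, not part of the ID
        g = g[1:]
    return g.decode("ascii") if g else None


SAMPLE = encode_vlan_attrs(20)  # constructed sample: VLAN 20
```

Running `assigned_vlan` over the attribute bytes of a captured Access-Accept shows whether the RADIUS server actually returned all three values.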