How to get dynamic VLAN allocation working with custom LDAP
Hello, all - I am fairly new at this, and have been wracking my brain and the Internet for answers.
In my testbed environment, I have a Cisco access switch (a 2970) that is configured to authenticate wired connections via 802.1x. Authentication is working just fine against LDAP users via RADIUS using PEAP, but if my understanding is correct, three RADIUS attributes need to be passed back to the authenticating switch to process the correct VLAN assignment.
According to http://vuksan.com/linux/dot1x/802-1x-LDAP.html these attributes are:
radiusTunnelMediumType
radiusTunnelType
radiusTunnelPrivateGroupId
So, I would assume that these are attached with the user configuration information in the OpenDirectory record, yes? If so, how do I map these attributes into the schema, by hand? Are they automatically passed back to the switch post-EAP authentication?
I would greatly appreciate some insight anybody can offer. This is a stepping stone to rolling out X.509 certificates and smartcard authentication, so that'll be up next once I get dynamic VLAN assignments working.
Regards,
Jake
Xserve, Mac OS X (10.6.8)
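Added example, not part of the original post: the three LDAP attributes named above correspond to the RADIUS reply attributes Tunnel-Type, Tunnel-Medium-Type and Tunnel-Private-Group-ID, and this sketch encodes them as they appear inside an Access-Accept (RFC 2868 layout, RFC 3580 values) and checks that a reply carries a complete set. The function names and the VLAN number 20 are constructed for illustration.

```python
import struct

# Attribute type codes from RFC 2868; VLAN (13) and IEEE-802 (6) are the RFC 3580 values.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6


def encode_vlan_reply(vlan_id, tag=0):
    """Build the three reply attributes as raw bytes (hypothetical helper)."""
    group = str(vlan_id).encode("ascii")
    # Tag 0 means untagged; the string attribute then carries no tag octet.
    tagged_group = (bytes([tag]) if tag else b"") + group
    return (
        struct.pack("!BBB", TUNNEL_TYPE, 6, tag) + VLAN.to_bytes(3, "big")
        + struct.pack("!BBB", TUNNEL_MEDIUM_TYPE, 6, tag) + IEEE_802.to_bytes(3, "big")
        + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(tagged_group)) + tagged_group
    )


def parse_attributes(blob):
    """Split a RADIUS attribute list into (type, value) pairs."""
    attrs, offset = [], 0
    while offset < len(blob):
        length = blob[offset + 1] if offset + 1 < len(blob) else 0
        if length < 3 or offset + length > len(blob):
            raise ValueError("malformed attribute at offset %d" % offset)
        attrs.append((blob[offset], blob[offset + 2:offset + length]))
        offset += length
    return attrs


def assigned_vlan(blob):
    """Return the VLAN carried by a complete attribute set, else None."""
    tunnel_type = medium = group = None
    for attr_type, value in parse_attributes(blob):
        if attr_type == TUNNEL_TYPE and len(value) == 4:
            tunnel_type = int.from_bytes(value[1:], "big")
        elif attr_type == TUNNEL_MEDIUM_TYPE and len(value) == 4:
            medium = int.from_bytes(value[1:], "big")
        elif attr_type == TUNNEL_PRIVATE_GROUP_ID:
            # A first octet of 0x01-0x1F is a tag; anything else is data (RFC 2868).
            group = value[1:] if 0x01 <= value[0] <= 0x1F else value
    if tunnel_type != VLAN or medium != IEEE_802 or not group:
        return None
    return group.decode("ascii")
```

Running `assigned_vlan` over the attribute bytes of a captured Access-Accept shows whether an authentication that succeeds without a VLAN change is missing one of the three attributes or carries an unexpected value.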