FreeRadius and Dynamic Vlan for wireless

An example of the FreeRadius configuration required for wireless authentication with dynamic VLANs.

/etc/freeradius/users

marc    Cleartext-Password     := "mypassword"
        Tunnel-Type             = VLAN,
        Tunnel-Medium-Type      = IEEE-802,
        Tunnel-Private-Group-Id = 1000

/etc/freeradius/eap.conf

  peap {
                        #  The tunneled EAP session needs a default
                        #  EAP type which is separate from the one for
                        #  the non-tunneled EAP module.  Inside of the
                        #  PEAP tunnel, we recommend using MS-CHAPv2,
                        #  as that is the default type supported by
                        #  Windows clients.
                        default_eap_type = mschapv2

                        #  the PEAP module also has these configuration
                        #  items, which are the same as for TTLS.
                        copy_request_to_tunnel = no
                        use_tunneled_reply = yes 

 

Leave a Reply