I set up the Freeradius app and have it running with cabled VLANs on HP switches. After a while testing I got it running with dynamic assigned VLANs. But it works only with VLAN assigned to users not computers. I’d like to have computers in different VLANs not only after a users logged in 802.1x. Is this by design or am I doing something wrong?
Any advice is welcome.
Hi,
I am a little bit unsure about Radius. But at least I can try to explain the standards for these items regarding network layers.
When a user powers on a computer the computer tries to get a network connection. This is done in several layers.
First, the computer tries to get access to the Wifi network according to the 802.1x protocol. Once the user is allowed to use THIS specific net further access is given to the computer to get an IP address when using DHCP. Even when not using DHCP before 802.1x did succeed, there will be no IP connection.
It is possible to configure DHCP to tell the computer which VLAN to use- but when Radius does not allow access (or does not know about it) the computer will not get access.
A little bit difficult to explain, I’ll try to sketch:
user
|
computer
|
Radius (802.1x)
|
VLAN
|
IP Layer access
|
DHCP
!|!
switching to a different VLAN not possible.
So it sort of a hen-and-egg issue:
Without user access to the desired network the computer itself will not get access on any layer (neither IP or DHCP) on this network.
And switching after authorization is not possible.
So I guess you can not archieve your goal, sorry for this.
I might be completely wrong, but that’s so far I understand it here.
/KNEBB