Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Selecting VLAN by LDAP or Radius entry?

Bifrost_
New Contributor
‎10-08-2012 06:38:PM
‎10-08-2012 06:38:PM

Selecting VLAN by LDAP or Radius entry?

I've been reading through the docs and the forums, but I have yet to see how to do this in a programatic way.

 

What I'd like to do is have a single auth realm configured (so that everyone appears the same on login) but when they login, the SA should match against an ldap group and then select the VLAN based on that info, and subsequently DHCP off that VLAN.

 

I've seen some things relating to assigning IP's on a per user based on Radius, but I'm unclear if it can do vlans as well.

 

If this doesn't work I have to write a parser for logfiles and go down a whole icky road...

0 Kudos
4 REPLIES 4
muttbarker_
Valued Contributor
‎10-08-2012 10:58:PM
‎10-08-2012 10:58:PM

Re: Selecting VLAN by LDAP or Radius entry?

It is late and my brain is not working to well - but VLAN assignment is tied to the role level. So you could write a custom expression that used an LDAP value to determine a role assignment. That role would apply the appropriate VLAN to the user. Thoughts?

0 Kudos
michael.saw_
Regular Contributor
‎10-09-2012 02:28:AM
‎10-09-2012 02:28:AM

Re: Selecting VLAN by LDAP or Radius entry?

Hi,

For example, it depends on the return attribute of the Radius.
If the Return attribute is "Filter-id = guest", on the SSL VPN, you may 'detect' "Filter-id = guest" and put this into "vlan-id = 101"...

Hope it helps...
0 Kudos
Bifrost_
New Contributor
‎10-09-2012 06:22:PM
‎10-09-2012 06:22:PM

Re: Selecting VLAN by LDAP or Radius entry?

Hrm,  so I can only do this with radius? Most of my data is already in LDAP so I'm a bit unexcited about switching...

0 Kudos
kenlars_
Super Contributor
‎10-11-2012 08:02:AM
‎10-11-2012 08:02:AM

Re: Selecting VLAN by LDAP or Radius entry?

You can do this with LDAP, assuming your LDAP server is used for authentication or authorization.  Let's say your LDAP had an attribute called "VLAN" in the directory entry which authenticated or authorized the user.  Then you could have role-mapping rules, like -

 

If userAttr.VLAN = "1" then assign to "Role1"

If userAttr.VLAN = "2" then assign to "Role2"

 

and Role1 and Role2 should specify different VLANs.

 

Remember that, to use any LDAP attribute, you need to add it to the server catalog for the authentication server.

 

Ken

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.