[ previous ] [ next ] [ threads ]
 From:  "Nantel Mathieu" <mnantel at microserv dot ca>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Spoofing max adresses
 Date:  Wed, 4 May 2005 16:34:43 -0400
> Ok. Do you know if there is a captive portal which prevent 
> from that ?? 
> (except talweg captive portal)
> I have an idea, but I don't know if it is possible.
> I would like to contact the freeradius server.A person A 
> gives his login and password. A radius server is contacted, 
> in the response, ii give an attribute for example 
> Reply-Message = vlan 1 . Is it possible to put users in vlan 
> as that ??

Yes, and it's even standardized: it's called 802.1x. However, typically
the 802.1x supplicant (the workstation) will provide credentials to the
authenticator (the switch port) which in turn will pass on the info to
the authentication server (the radius or tacacs+ server). The
authentication server may return parameters as part of the
authorization, which the authenticator will use to put the workstation
in a vlan, as an example. The workstation itself does not get the vlan
info. I'm not very well versed in 802.1x, so what you are trying to
achieve might still be possible. At least you put on name on it now...

> What is the utility of vlan in monowall ??

Let's assume you have a limited number of physical ports on your
monowall. You hook up the monowall to one of your managed switch, enable
802.1q on the mono and the switchport, et voila; you now have a router
with an interface on each of your vlan/subnets. This was heavily used in
the past when interfaces were expensive. They still are to a certain
degree today, but you see more and more layer3 switches that route
nearly as fast as they switch (depending on the context).

> Thanks
> Nans
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
Avis de confidentialité : 

L'information contenue dans ce message électronique ainsi que dans les fichiers qui peuvent y être
attachés est de nature confidentielle et destinée à l'usage exclusif du destinataire. Si ce message
vous est parvenu par erreur ou que vous n'êtes pas le destinataire visé, vous êtes par la présente
avisé que tout usage, copie ou distribution de l'information contenue dans ce message est
strictement interdit et vous êtes prié d'en aviser l'expéditeur et de détruire ce message. 

Confidentiality Notice :

This email and any files transmitted with it are confidential and intended solely for the use of the
individual or entity to whom they are addressed. If you have received this email in error please
notify the system manager. This message contains confidential information and is intended only for
the individual named. If you are not the named addressee you should not disseminate, distribute or
copy this e-mail.