68 lines
1.6 KiB
Plaintext
68 lines
1.6 KiB
Plaintext
server default {
|
|
listen {
|
|
type = auth
|
|
ipaddr = *
|
|
port = 1812
|
|
}
|
|
|
|
listen {
|
|
type = acct
|
|
ipaddr = *
|
|
port = 1813
|
|
}
|
|
|
|
authorize {
|
|
# Si es EAP (WPA-Enterprise), procesar EAP y salir para no interferir
|
|
if (&EAP-Message) {
|
|
eap
|
|
return
|
|
}
|
|
# MAC-Auth / Portal: Llama a la API REST para decidir y añadir atributos
|
|
rest
|
|
# Laboratorio: aceptar todo en flujos no EAP
|
|
update control {
|
|
Auth-Type := Accept
|
|
}
|
|
}
|
|
|
|
authenticate {
|
|
# EAP para WPA-Enterprise
|
|
eap
|
|
# Aceptar todo cuando control:Auth-Type := Accept (no EAP)
|
|
Auth-Type Accept {
|
|
ok
|
|
}
|
|
}
|
|
|
|
accounting {
|
|
rest
|
|
ok
|
|
}
|
|
|
|
post-auth {
|
|
# Asignación de VLAN dinámica por usuario
|
|
if (&User-Name == "user1") {
|
|
update reply {
|
|
Tunnel-Type := VLAN
|
|
Tunnel-Medium-Type := IEEE-802
|
|
Tunnel-Private-Group-Id := "2"
|
|
}
|
|
}
|
|
elsif (&User-Name == "user2") {
|
|
update reply {
|
|
Tunnel-Type := VLAN
|
|
Tunnel-Medium-Type := IEEE-802
|
|
Tunnel-Private-Group-Id := "5"
|
|
}
|
|
}
|
|
else {
|
|
# Fallback opcional: comentar si no quieres valor por defecto
|
|
update reply {
|
|
Tunnel-Type := VLAN
|
|
Tunnel-Medium-Type := IEEE-802
|
|
Tunnel-Private-Group-Id := "2"
|
|
}
|
|
}
|
|
}
|
|
}
|