thank you for your reply,
i've found that config, but the part i'm missing is where to set the VSA for a specific group.
i try to explain it better (my english is very basic as you can see):
- under the Radius config page i can configure ONE (and ONE only) group allowed to authenticate via Radius.
- I need to set up more than one group specifically (i'm going to explain the reason on next point), i cannot use just one group even if this contains others groups (nested groups)
- for each group i authorize i need to specify a different VSA (vendor specific attribute, or general Radius Attribute) containing the VLAN tag.
example:
- the user "user1" tries to connect to the WiFi and the Access Point asks for user/pass (802.1X auth)
- the user gives "user1" / "pass"
- the authentication credentials goes through the RADIUS server to the LDAP
- LDAP says "OK" i know him, he is in the LDAP group "company1"
- RADIUS matches the LDAP group "company1" and attach to the authentication response the binded VSA (or general) which says "VLAN 100"
- the Access Point retrieve the Radius packet, and bridges the user WiFi connection to the ethernet cable on VLAN 100.
of course i need to set up more than one group, each one with his specific VSA attribute containing the VLAN value associated to that group.
Can this config be done in some way ?
This is a standard behaviour for a Radius Server used for 802.1X Auth in WiFi deployment.
-----------------
edited: spelling errors, i need some english class