I would like to assign different PPP dial-in users to different subnets (depending on some group membership which I can play around with in the Windows RADIUS server).
My questions are:
Is it possible to restrict users to a specific VLAN?
What if they needed access to more than one VLAN?
What attributes would I need to send from the RADIUS server to restrict traffic?
Hi, thanks for the reply. I am looking into this and would appreciate some pointers:
I am adding the following chain below:
[MikroTik] ip firewall> add chain=vlan72 out-interface=LAB2_VLAN
[MikroTik] ip firewall> add chain=vlan72 in-interface=LAB2_VLAN
Under the RADIUS documentation it says: "Filter-Id - filter rules in ppp chain that will jump to the specified chain, if a packet has come to/from the client (that means that you should first create a ppp chain and make jump rules that would put actual traffic to this chain). The same applies for HotSpot, but the rules will be created in hotspot chain."
What do I need to do to make RADIUS-authenticated traffic jump to the vlan72 chain?
Am I right to assume for the vlan72 chain I should mention in and out interfaces so traffic is restricted and let the default drop all catch the rest?
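Added example, not part of the original posts: one way the Filter-Id mechanism quoted above fits together with a per-VLAN chain. It assumes the newer `/ip firewall filter` syntax (RouterOS 3 and later), which differs from the prompt shown in the post, and that the RADIUS server returns Filter-Id with the value vlan72 for the user's group; the chain and interface names are the ones from the post.

```routeros
# Assumption: RouterOS 3+ syntax; adjust for older releases.
/ip firewall filter

# 1. Send forwarded traffic through the "ppp" chain. When a PPP user logs in
#    with Filter-Id=vlan72, the router adds dynamic rules to "ppp" that match
#    that user's interface and jump to chain "vlan72". Without this jump the
#    dynamic rules are never reached.
add chain=forward action=jump jump-target=ppp comment="PPP per-user filters"

# 2. Per-group chain: allow only traffic between the client and LAB2_VLAN.
add chain=vlan72 out-interface=LAB2_VLAN action=accept comment="client -> LAB2"
add chain=vlan72 in-interface=LAB2_VLAN action=accept comment="LAB2 -> client"

# 3. Explicit drop at the end of the chain, so the restriction does not
#    depend on what the forward chain does after the jump returns.
add chain=vlan72 action=drop comment="everything else for this group"

# A group that needs a second VLAN gets its own chain with one accept pair
# per VLAN interface, ahead of that chain's final drop.
```

These rules cover forwarded traffic only; packets addressed to the router itself go through the input chain and need their own rules.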