I'm using FreeRadius with a Ubitquiti WiFi AP with 802.1x auth using EAP-TLS (mutual client/server cert based auth). This is working well for static VLANs (i.e. specified on the AP).
I'd like to offload the VLAN assignment to Radius so that different users can be assigned to different VLANs.
I am not sure how to do this using EAP-TLS. All docs I've found online use the users file but are using other EAP methods.
So for, I've put this at the top of my /etc/freeradius/users file:
DEFAULT Tunnel-Medium-Type = 6
Tunnel-Private-Group-ID = [12],
Tunnel-Type = VLAN
However no VLAN is assigned by Radius.
I'm not sure where to go from here. Perhaps I need something inside the tls section of /etc/freeradius/eap.conf to tell it to use the users file?
Help is appreciated, thanks!