Is it possible to assign VLANs on Linux based on the MAC address of the client? If so, how? The vconfig man pages seem to indicate it only operates on a port-basis.
I'm trying to achieve a wireless setup where new clients are assigned to an 'unapproved' VLAN which they will stay in until an administrator has approved them (or perhaps until they've registered on a local captive portal), at which point I wish to re-assign them to the 'approved' VLAN.
How can I configure a MAC:VLAN ID mapping under Linux, if it exists?
In general, there is an operation mode of most business-level access points called something like "dynamic VLAN assignment" (it is a Cisco-branded term, others may name it differently). The basic idea is that a WLAN client is put in a VLAN depending on the authentication credentials sent. Your infrastructure, including the RADIUS server, must provide for this.
The "dynamic VLANs" feature (again a Cisco-branded term) mainly targeted at wired infrastructure is also pretty close to what you are looking for.
If you don't have Cisco gear, there is also the term of MAC-based VLANs for VLANs not built by 802.1q tags, but simply defined by MAC addresses of the clients. As MAC addresses can be arbitrarily set by the clients, this technique is obviously insecure, but might be useful nonetheless. Pre-802.1q VLAN implementations supported this kind of VLANs (about 12-15 years ago), but have gone mostly extinct nowadays.
But a recently published patch for the mainstream 3.2.1 kernel sources introduces a new "source" mode for the "macvlan" module as an implementation of the very same MAC-based VLAN feature of the olden days. The patch has not yet been merged into the kernel sources as it still needs some work, but you obviously can apply it yourself if the need is pressing. Or just wait for the official merger to happen - if the code is any good, it would not take long.
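To make the dynamic VLAN assignment described in this answer concrete, here is an added example (not part of the original answer, and not any vendor's code) that maps a client MAC to a VLAN and encodes the tunnel attributes from RFC 2868 / RFC 3580 that a RADIUS server returns in an Access-Accept to place a client in that VLAN. The VLAN IDs, the sample MAC address and all function names are assumptions made for illustration.

```python
import re
import struct

# RADIUS attribute numbers and values from RFC 2868 / RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TUNNEL_TYPE_VLAN = 13        # Tunnel-Type = VLAN
TUNNEL_MEDIUM_IEEE_802 = 6   # Tunnel-Medium-Type = IEEE-802

# Constructed sample policy: the VLAN IDs and the MAC are illustrative only.
UNAPPROVED_VLAN = 10
APPROVED_VLAN = 20
APPROVED_MACS = {"02:00:00:aa:bb:01"}


def normalize_mac(raw):
    """Canonicalise aa-bb-.., aabb.ccdd.eeff or AA:BB:.. to lower-case colon form."""
    digits = re.sub(r"[-:.]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def vlan_for(mac):
    """Unknown or malformed stations land in the unapproved VLAN (fail closed)."""
    try:
        known = normalize_mac(mac) in APPROVED_MACS
    except ValueError:
        return UNAPPROVED_VLAN
    return APPROVED_VLAN if known else UNAPPROVED_VLAN


def tagged_int(attr, value):
    """Type, Length=6, Tag=0 (unused), then a 3-octet big-endian value."""
    return struct.pack("!BBB", attr, 6, 0) + value.to_bytes(3, "big")


def vlan_attributes(vlan_id):
    """Encode the three attributes that assign a VLAN in an Access-Accept."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    # Tag octet omitted: the string is the VLAN ID as ASCII digits (RFC 3580).
    group = str(vlan_id).encode("ascii")
    group_attr = struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(group)) + group
    return (tagged_int(TUNNEL_TYPE, TUNNEL_TYPE_VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, TUNNEL_MEDIUM_IEEE_802)
            + group_attr)


if __name__ == "__main__":
    print(vlan_attributes(vlan_for("02-00-00-AA-BB-01")).hex())
```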
I think we're going to need more details about your physical configuration. In short, unless your Linux "server" is acting as some kind of trunked wireless access controller or is able to manipulate things on the fly, then I doubt it. I suppose you could run multiple SSIDs with MAC-based authentication perhaps, each SSID on a different VLAN.
You can't do this with VLANs. That's more of a switch function and Linux is more of a client.
What you want is called a "captive portal"; there are a number of solutions available which use the iptables firewall to implement it.
Some examples of captive portal distributions are pfsense, zeroshell.
Here's an article on more standalone Linux software to put on an existing machine: