TP-Link TL-SG3248X and Freeradius 3

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

TP-Link TL-SG3248X and Freeradius 3

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
TP-Link TL-SG3248X and Freeradius 3
TP-Link TL-SG3248X and Freeradius 3
2022-07-07 01:08:34 - last edited 2022-12-29 07:52:21
Tags: #802.1X format

Hi all,

 

I'm trying to used Free Radius on pfSense to support 802.1X MAC address VLAN assignment with TL-SG3248X switches. It looks like the MAC auth from the TP link switch doesn't send in a format that is supported by the RAIDUS services. The RADIUS is expecting "00-11-22-33-AA-BB" user / password type format but the switch seems to be sending a format like the following "00112233aabb" and not sure if the password is blank or matches the MAC address of the device plugging into the port.

 

Any attempt to match what it looks like the switch is sending all fails or Radius test client seems to not accept it anything aside from user / password. I'm not sure if the test client will send a proper 802.1X format either. 

 

If anyone has a working setup please let me know what you did for configuration or reference to a good howto. 

 

Thanks!

 

Example of config / error log:

Freeradius configuration files are similar to this:

 

00-11-22-33-AA-BB Cleartext-Password := "00-11-22-33-AA-BB"
    
    Tunnel-Type = VLAN,
    Tunnel-Medium-Type = IEEE-802,
    Tunnel-Private-Group-ID = "100"

 

The log output has the following in firewall and also using packet capture:

 

(5) Login incorrect (Failed retrieving values required to evaluate condition): [00112233aabb/<via Auth-Type = eap>] (from client TPL-Switch01 port 1 cli 00-11-22-33-aa-bb)

 

 

  0      
  0      
#1
Options
1 Accepted Solution
Re:TP-Link TL-SG3248X and Freeradius 3-Solution
2022-07-07 01:52:14 - last edited 2022-08-29 01:48:48

Dear @-42,

 

-42 wrote

I'm trying to used Free Radius on pfSense to support 802.1X MAC address VLAN assignment with TL-SG3248X switches. It looks like the MAC auth from the TP link switch doesn't send in a format that is supported by the RAIDUS services. The RADIUS is expecting "00-11-22-33-AA-BB" user / password type format but the switch seems to be sending a format like the following "00112233aabb" and not sure if the password is blank or matches the MAC address of the device plugging into the port.

 

Thank you so much for taking the time to report the issue to our community!

 

The password is the MAC address, the format should be "00112233aabb" with all lower case. It will support custom format in the later firmware updates, please check for the new firmware release notes for final confirmation.

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
Recommended Solution
  0  
  0  
#2
Options
1 Reply
Re:TP-Link TL-SG3248X and Freeradius 3-Solution
2022-07-07 01:52:14 - last edited 2022-08-29 01:48:48

Dear @-42,

 

-42 wrote

I'm trying to used Free Radius on pfSense to support 802.1X MAC address VLAN assignment with TL-SG3248X switches. It looks like the MAC auth from the TP link switch doesn't send in a format that is supported by the RAIDUS services. The RADIUS is expecting "00-11-22-33-AA-BB" user / password type format but the switch seems to be sending a format like the following "00112233aabb" and not sure if the password is blank or matches the MAC address of the device plugging into the port.

 

Thank you so much for taking the time to report the issue to our community!

 

The password is the MAC address, the format should be "00112233aabb" with all lower case. It will support custom format in the later firmware updates, please check for the new firmware release notes for final confirmation.

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
Recommended Solution
  0  
  0  
#2
Options