802.1X VLAN Assignment with Omada-Controller

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-02-01 13:45:17
Tags: #Configuration #Radius
Hardware Version: V1
Firmware Version: 2.0.0 Build 20220322 Rel.62255

Hi,

 

I've started to change my network to new TP-Link devices as shown above. All devices are adopted by a Linux Docker-based Omada Controller.

I tried to enable RADIUS-based authentication with 802.1X and configured Omada as shown here:

 

Configuration Guide on Dynamic VLAN with the VLAN Assignment function of RADIUS | TP-Link Deutschland

 

Using a FreeRADIUS Docker container, I can see that the RADIUS server is answering with the correct parameters:

 

Wed Feb  1 08:40:49 2023
        Packet-Type = Access-Accept
        Tunnel-Type = VLAN
        Tunnel-Medium-Type = IEEE-802
        Tunnel-Private-Group-Id = "100"
        Reply-Message = "Hello, testkamera"
        Timestamp = 1675237249

 

But the switch isn't changing the VLAN for the configured and 802.1X-activated port. I can see that the connected device is still asking for an IP in the management VLAN.

Then I tested with a RADIUS server for Windows, TekRADIUS. It's the same behavior:

 

01.02.2023 14:07:12.634 - RadAuth reply to  : 172.xx.xx.xxx:53550 (Success)

 Size             : 73
 Identifier       : 171
 Attributes       : 

 Tunnel-Medium-Type = 6
 Tunnel-Type = 13
 Tunnel-Private-Group-ID = 100
 User-Name = testkamera

 

I have deleted the switch from Omada and configured the switch locally as described here:

How to configure 802.1X authentication with dynamic VLAN assignment on TP-Link switches?

 

Now the switch is asking the RADIUS server for access like before, but then it's changing the VLAN as shown in the answer packet. Both port-based authentication and MAB are running fine.

 

I have tried almost all possible configurations in Omada, but the 802.1X-enabled ports stay in the management VLAN (or the preconfigured VLAN).

 

I hope somebody can assist me with my problem. Thank you.

 

Regards, Daniel
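
Added example, not part of the original post and not TP-Link or FreeRADIUS code: a Python check that a captured Access-Accept carries the three tunnel attributes shown in the replies above (Tunnel-Type 13, Tunnel-Medium-Type 6, Tunnel-Private-Group-ID) and yields a usable VLAN ID. The helper names and the sample packet are constructed for illustration, and treating a leading octet of 0x1F or less in Tunnel-Private-Group-ID as a tag is an assumption based on RFC 2868.

```python
import struct

TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81  # RFC 2868
ACCESS_ACCEPT, VLAN, IEEE_802 = 2, 13, 6  # same values as in the replies in the post

def attr(atype, value):  # encode one attribute as type, length, value
    return bytes([atype, len(value) + 2]) + value

def build_accept(identifier, attrs):
    """Constructed sample packet; the authenticator is zeroed, not computed."""
    body = b"".join(attrs)
    return struct.pack("!BBH16s", ACCESS_ACCEPT, identifier, 20 + len(body), b"") + body

def parse_attrs(packet):
    """Return (code, {attribute type: [raw values]}) with bounds checks."""
    if len(packet) < 20 or not 20 <= int.from_bytes(packet[2:4], "big") <= len(packet):
        raise ValueError("bad RADIUS header or length field")
    code, length = packet[0], int.from_bytes(packet[2:4], "big")
    pos, out = 20, {}
    while pos < length:
        alen = packet[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        out.setdefault(packet[pos], []).append(packet[pos + 2:pos + alen])
        pos += alen
    return code, out

def vlan_from_accept(packet):
    """Return the VLAN ID a switch should apply, or raise ValueError."""
    code, attrs = parse_attrs(packet)
    if code != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept")
    for atype, want, name in ((TUNNEL_TYPE, VLAN, "Tunnel-Type"),
                              (TUNNEL_MEDIUM_TYPE, IEEE_802, "Tunnel-Medium-Type")):
        raw = attrs.get(atype, [b""])[0]  # one tag octet + 3-octet integer
        if len(raw) != 4 or int.from_bytes(raw[1:], "big") != want:
            raise ValueError(f"{name} missing or not {want}")
    raw = attrs.get(TUNNEL_PRIVATE_GROUP_ID, [b""])[0]
    if raw and raw[0] <= 0x1F:  # leading octet is a tag, not part of the VLAN string
        raw = raw[1:]
    text = raw.decode("ascii")
    if not text.isdigit() or not 1 <= int(text) <= 4094:
        raise ValueError("Tunnel-Private-Group-ID is not a VLAN ID in 1..4094")
    return int(text)

# Constructed sample mirroring the post: identifier 171, VLAN "100", tag 0.
SAMPLE = build_accept(171, [attr(TUNNEL_TYPE, b"\x00" + VLAN.to_bytes(3, "big")),
                            attr(TUNNEL_MEDIUM_TYPE, b"\x00" + IEEE_802.to_bytes(3, "big")),
                            attr(TUNNEL_PRIVATE_GROUP_ID, b"100")])
```

Feeding it the UDP payload of a reply captured on the switch side shows whether the packet itself is complete, which separates a RADIUS-side problem from a switch or controller configuration problem.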
