Part 1 - Introduction

Do you need 802.1X at your home LAN?

It depends, for simple LAN, probably not. But if you need to secure your wired network infrastructure, i.e. someone can unplug your outdoor camera and plug their own device, or maybe you have an exposed managed network switch in your home lab, and you dont want your Lan Party buddies to just connect there without your knowledge, then this is a pretty solid option.

Special Bonus: Based on credential, VLAN will be dynamic (i.e. same port can be VLAN 10, 20, etc. without manual configuration, VLAN ID will be based on user)

If you would like to know more about 802.1X, from IEEE - 

"Port-based network access control allows a network administrator to restrict the use of IEEE 802(R) LAN service access points (ports) to secure communication between authenticated and authorized devices. This standard specifies a common architecture, functional elements, and protocols that support mutual authentication between the clients of ports attached to the same LAN and that secure communication between the ports, including the media access method independent protocols that are used to discover and establish the security associations used by IEEE 802.1AE(TM) MAC Security."

Part 2 - Let's jump into it

Note: I have a video and demo on my channel but it is not required to follow these steps

To set up a simple 802.1X in Omada, you will need

1. Supplicant - I have tested this using Windows 10 PC
2. Authenticator - This will be the Omada Switch
3. Authentication Server - Built-In RADIUS of the Omada Controller

RADIUS Server Configuration - refer to Screenshot for step by step navigation

1. Global
2. Settings
3. Server Settings
4. Built-In RADIUS Slider - slide it to turn it ON
5. Server Address Type - I select Auto, choose your own if you like.
6. Secret and Authentication Port - enter your password and default authentication port
7. Enable Tunnel Reply - I checked Enable
8. Apply
   
   Switch Configuration refer to Screenshot for step by step navigation:

   

9. Organization - Select your site
10.  Settings
11. Authentication
12. 802.1X
13. 802.1X Slider - slide it to turn it ON
14. Built-in Radius Profile - select from drop-down
15. Authentication Protocol > EAP
16. Authentication Type > Port Based
17. VLAN Assignment - I checked Enable. Note/out of scope: below this option is a feature called MAB; useful for device that don't support interactive login (i.e. wired printer)
18. Authentication Ports - select Switch Ports to enable
19. Manage RADIUS Profile - click to open a new page
20. Built-In Radius Profile - click the Edit icon

    

    
    User Configuration

    

     

21. Add New RADIUS User
22. Authentication Type > User Authentication
23. Name and Password - enter user crendential
24. VLAN ID - enter what VLAN you want the user to be on
25. Apply

Part 3 - Testing

Client Configuration
Note: steps will vary based on client type, OS, and device configuration. I am only covering EAP under Windows 10, refer to your respective OS/device manual for configuration.

1. Launch "services.msc"
2. Look for "Wired AutoConfig" service and "Start". 

   

    

3. Open Network Adapter Properties and open the configuration tab
4. Open Settings then uncheck "Verify the server's". Click OK

   

    

5. Open Additional Settings then under Specify authentication mode, select "User authentication" on the drop down
6. Connect your device to the 802.1X configured port (Step 18) and enter the credential created (Step 23)

   

    

7. Done