Dynamic VLAN assignment using Freeradius with web GUI Daloradius
Dear all,
I've run into the following issue.
I have a TP-Link ER7212PC with the latest firmware 1.2.
I decided to implement a RADIUS server in my network. The server should assign users to their specific VLAN settings.
I've installed FreeRadius with WEB GUI (Daloradius) and continued to set it up.
According to the research online, Freeradius needs to send a response to the ER7212PC with some attributes. I've set those attributes up:
1. no check attributes
2. three response attributes
I further have a few VLANs at home (VLAN 5: Admin; VLAN 10: home core; etc).
On ER7212PC I've created a radius profile and I've enabled vlan assignment for wireless network.
I've created a WLAN network for testing and linked it to that radius profile and the user is authenticated, but sent to VLAN 5 and not VLAN 10 as requested by the attributes.
I've also enabled tunneled responses on Freeradius.
What am I doing wrong? Or is this a firmware glitch?
Hi @mimi234
Thanks for posting in our business forum.
I would highly recommend you refer to this:
Configuration Guide on Dynamic VLAN with the VLAN Assignment function of RADIUS
@Clive_A I have read this inside out and spent at least 12h on researching and reading various places online and I still cannot make it work.
I got to a situation as described + I know my radius works, but somehow the ER7212PC is not picking it up. Pls see the test and the response of the radius server:
Please kindly support me in resolving it.
Hello?
Hi @mimi234
mimi234 wrote
Hello?
You know your RADIUS is working, but you are not following the guide; there exists a possibility that the router does not support your "customized settings". You are improvising, aren't you?
I think you should post the whole setup and details. It does not work for me with a line that "It works". I cannot troubleshoot based on a line without knowing anything.
Not to mention I got to use my time or report it to the test team to set up a server and test it out.
And the guide is based on our test and it works. If something you are doing is not on track, you should bring it up instead of saying "it works." I know your RADIUS works and I know the guide works. That's not the attitude to fix it.
I know you can and should improvise based on that guide but you have to let us know this first and see if there is a limit on the system or misconfig.
Shouldn't you explain what type 13 means? I don't think I find 13 valid anywhere.
@Clive_A Puh! That's a bit of an attitude! I am asking for your support to troubleshoot, as there must be smth wrong that I'm doing and I don't understand the aggressive tone of yours.
I have provided you with what I think is relevant for troubleshooting at this stage. I would love to provide you with more details, which you believe are relevant for troubleshooting - please guide me to what you need.
I am running freeradius with a GUI called Daloradius. In Daloradius one can set up the three attributes required, one of which is Tunnel-Type = "VLAN", which I have done as per the screenshot.
I have used the NTRadPing tool to test the responses from the Radius server, the outcome of which you see below (i.e. in my 'improvised' mind, it means that the server, once requested, authenticates the user and provides the three attributes). Those attributes come directly from the server.
My 'improvised' understanding is that '13' equals 'VLAN', same like Tunnel-Medium-Type can be either '6' or 'IEEE-802'. I based my assumption on the ARUBA article (pls google 'aruba vlan tunnel-type')
'13' is something that I get from the Radius server, nothing that I've set up.
I'm genuinely puzzled with what other details can I provide so that they are relevant in solving the case or guiding me what to fix?
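The three reply attributes discussed in this thread, decoded from the wire, as an added example that is not part of the original posts: RFC 3580 (section 3.31) defines a VLAN assignment as Tunnel-Type = 13 (VLAN), Tunnel-Medium-Type = 6 (IEEE-802) and Tunnel-Private-Group-ID = the VLAN ID. The packet is constructed sample data with a dummy authenticator, and the function names are illustrative.

```python
import struct

# Attribute numbers from RFC 2868; required values from RFC 3580 section 3.31.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
EXPECTED = {TUNNEL_TYPE: 13, TUNNEL_MEDIUM_TYPE: 6}  # 13 = VLAN, 6 = IEEE-802

def attr(atype: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([atype, len(value) + 2]) + value

def build_accept(attrs: bytes) -> bytes:
    """Constructed Access-Accept (code 2) with a dummy all-zero authenticator."""
    return struct.pack("!BBH", 2, 1, 20 + len(attrs)) + bytes(16) + attrs

def parse_attributes(packet: bytes):
    """Yield (type, value) pairs, rejecting truncated or malformed packets."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20  # code, id, length and 16-byte authenticator come first
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        yield packet[pos], packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]

def vlan_assignment(packet: bytes):
    """Return (vlan_id or None, list of problems) for an Access-Accept."""
    found = {}
    for atype, value in parse_attributes(packet):
        if atype in EXPECTED and len(value) == 4:
            found[atype] = int.from_bytes(value[1:], "big")  # skip tag octet
        elif atype == TUNNEL_PRIVATE_GROUP_ID and value:
            # A first octet of 0x01..0x1F is a tag; otherwise it is string data.
            text = value[1:] if 1 <= value[0] <= 0x1F else value
            found[atype] = text.decode("ascii", "replace")
    problems = [f"attribute {t}: expected {want}, got {found.get(t)}"
                for t, want in EXPECTED.items() if found.get(t) != want]
    vlan = found.get(TUNNEL_PRIVATE_GROUP_ID)
    if vlan is None:
        problems.append("Tunnel-Private-Group-ID missing")
    return vlan, problems

# Constructed sample: the three reply attributes requesting VLAN 10.
SAMPLE = build_accept(attr(TUNNEL_TYPE, bytes([0, 0, 0, 13]))
                      + attr(TUNNEL_MEDIUM_TYPE, bytes([0, 0, 0, 6]))
                      + attr(TUNNEL_PRIVATE_GROUP_ID, b"10"))
```

Running `vlan_assignment` over the Access-Accept bytes taken from a packet capture between the RADIUS server and the authenticator shows whether the reply on the wire actually carries the full triple.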
Hi @mimi234
mimi234 wrote
@Clive_A Puh! That's a bit of an attitude! I am asking for your support to troubleshoot, as there must be smth wrong that I'm doing and I don't understand the aggressive tone of yours.
I have provided you with what I think is relevant for troubleshooting at this stage. I would love to provide you with more details, which you believe are relevant for troubleshooting - please guide me to what you need.
I am running freeradius with a GUI called Daloradius. In Daloradius one can set up the three attributes required, one of which is Tunnel-Type = "VLAN", which I have done as per the screenshot.
I have used the NTRadPing tool to test the responses from the Radius server, the outcome of which you see below (i.e. in my 'improvised' mind, it means that the server, once requested, authenticates the user and provides the three attributes). Those attributes come directly from the server.
My 'improvised' understanding is that '13' equals 'VLAN', same like Tunnel-Medium-Type can be either '6' or 'IEEE-802'. I based my assumption on the ARUBA article (pls google 'aruba vlan tunnel-type')
'13' is something that I get from the Radius server, nothing that I've set up.
I'm genuinely puzzled with what other details can I provide so that they are relevant in solving the case or guiding me what to fix?
I Googled of course RFC and there is no 13. And you left your config on the device blank as well. I cannot troubleshoot further as that is not correct based on the guide.
And in the Google search, it is the time when I saw Aruba come out because of parameter 13 which does not seem to be a valid number based on RFC and I read through RFC about the Tunnel-Type and this might not be the same case.
And you are not using the same RADIUS, which requires you to manually change the .conf to make it work. You should check the RADIUS server doc to make sure everything is on the same page as the FAQ says.
And please understand that I will do what I can but that does not mean I have to answer questions about any other vendors' software or reply to every post. Some posts do not make sense and I have the choice not to reply. We should follow one man's troubleshooting mindset instead of talking to oneself.
(I mean I would make sure everything is done by the book first before improvising. Try out the docs of the server I use to make the requirement met so I can rule out it is the problem with the server. Then move on to the troubleshooting of the config of the router.)
@Clive_A Hi Clive! That's fully understood. I will test the radius server as per the guideline. Do I understand correctly that ER7212PC is processing that 'VLAN' parameter ("tunnel-type = VLAN")? What's happening if that parameter is outside of the scope of parameters that are 'understood' by the router? Asking out of my curiosity.
Have a great day! I will report back!