CoA packet

CoA packet

CoA packet
CoA packet
2024-10-14 12:11:07 - last edited Thursday
Hardware Version: V1
Firmware Version: 5.14.26.1

Hello,

 

I can't seem to get CoA to work on Omada.

 

I configured a Wireless Network in the Omada Controller (version 5.14.26.1)

 

In this configuration an external RADIUS server is being used, where CoA has been enabled

 

I have tried to use different kind of attributes in the CoA packet, but I can't seem to find the information what TP-Link Omada requires to be in the packet.

 

The client to disconnect is connected to the EAP653 with the latest version installed (1.1.0)

 

Help is appreciated

 

  0      
  0      
#1
Options
1 Accepted Solution
Re:CoA packet-Solution
a week ago - last edited Thursday

The problem has been identified, The problem was that the EAP and the RADIUS server where not in the same subnet, something what the EAP could not handle.

Recommended Solution
  0  
  0  
#9
Options
7 Reply
Re:CoA packet
2024-10-15 03:00:05

Hi  @groove4321 

 

Please refer to this guide to perform some troubleshooting:

Troubleshooting for RADIUS Authentication Failure

  0  
  0  
#2
Options
Re:CoA packet
2024-10-15 07:12:09

  @Vincent-TP Thank you for your reply

 

This is already correctly configured.

 

What I want to find out is what attributes are expected in the CoA, see this for example: https://wiki.freeradius.org/protocol/disconnect-messages#example-disconnect-request

 

I am now using a collection of many attributes, which does not seem to work.

 

  0  
  0  
#3
Options
Re:CoA packet
2024-10-15 09:21:27

to be specific, I am using the same attributes as used in the example on the wiki page of freeradius.

 

These are the attributes:

 

  • Acct-Session-Id
  • User-Name
  • NAS-IP-Address

 

  0  
  0  
#4
Options
Re:CoA packet
2024-10-16 03:18:11

  @groove4321 

 

If you want to use the DM function of the Radius Portal, Omada Controller can receive DM message from the radius server by turning on the Disconnect Request switch in the radius settings. It should be noted that the DM function not only disconnects the client, but also unauthorize the client’s authentication record.

  0  
  0  
#6
Options
Re:CoA packet
2024-10-16 08:16:54

  @Vincent-TP Once again, thank you very much for your response.

 

I'll try to explain what I want to achieve.

 

I have a RADIUS server which can be reached by Omada

and I have clients which are can be granted access or denied access by the RADIUS server

 

The clients cannot reach the Omada Controller

 

There is no need for a portal page, but there is need to be able to disconnect clients using a Disconnect Request.

 

That's why I used this way of configuring the RADIUS server:

 

 

All the passwords are the same, but I can't get RADIUS CoA to work.

  0  
  0  
#7
Options
Re:CoA packet
2024-10-16 09:55:56

  @groove4321 

Thank you so much for taking the time to post the issue on TP-Link community!
To better assist you, I've created a support ticket via your registered email address, and escalated it to our support engineer to look into the issue. The ticket ID is TKID241035860, please check your email box and ensure the support email is well received. Thanks!
Once the issue is addressed or resolved, welcome to update this topic thread with your solution to help others who may encounter the same issue as you did.
Many thanks for your great cooperation and patience!

  0  
  0  
#8
Options
Re:CoA packet-Solution
a week ago - last edited Thursday

The problem has been identified, The problem was that the EAP and the RADIUS server where not in the same subnet, something what the EAP could not handle.

Recommended Solution
  0  
  0  
#9
Options