Background:

 

This post provides a configuration guide on how to configure WPA-Enterprise network with Omada built-in RADIUS profile. 

 

 

This Article applies to:

 

Omada SDN Software Controller V5.15 and above.

 

 

Application Scenario:

 

With the support of Omada built-in RADIUS profile, the omada sdn solution can put clients authenticated by different accounts to the corresponding vlans. In this way, clients will obtain ip addresses from different vlans, and you don't have to create many ssids bound with different vlans for wireless networks, or bind the pvids of the switch ports to specific vlans for wired networks.

 

 

Configuration Steps:

 

Step 1. Enable and Configure Built-in RADIUS

 

1. Launch Omada SDN controller, go to Global View > Settings > Server Settings, enable Built-in RADIUS, and click Apply.

 

 

Note: Enable Tunneled Reply: Allow the reply of the Tunneled Reply-related attributes to the device. Only after this switch is enabled can the client be assigned a VLAN.

 

Step 2. Create VLAN Interfaces

 

1. Go to Site View >  Settings > Wired & Wireless Networks > LAN, create two interfaces with vlan20 and vlan30.

  

 

Step 3. Create a Wireless Network

 

1. Go to Site View >  Settings > Wired & Wireless Networks > WLAN, click Create New Wireless Network: choose the security type as WPA-Enterprise, choose the RADIUS Profile as the Built-in RADIUS, like below:

 

 

Note: No need to change the VLAN settings, just keep it as the Default.

 

Step 4. Create a RADIUS Profile

 

1. Go to Site View, choose Settings > Network Profile > RADIUS Profile, click Edit

 

 

2. Click Add New RADIUS User:

 

 

For the Authentication Type, we can choose it as User Authentication or MAC Authentication.

 

 

 

Here we take User Authentication for example, create two accounts for VLAN20 and VLAN30 separately:

 

 

Verification:

 

Connect a phone to the created SSID test12, it will ask you to input a username and password:

 

 

We got an IP 192.168.20.2 when input the account for VLAN20:

 

 

And when input the account for VLAN30, we got an IP 192.168.30.2:

 

 

You can also import Raduis users via this button:

 

Recommended Threads:

 

How to Shut Down the Switch Port Connected to an EAP to Prevent Intrusion via 802.1X Authentication?

 

 

Feedback:

 

• If this was helpful, welcome to give us Kudos by clicking the upward triangle below.
• If there is anything unclear in this solution post, please feel free to comment below.

 

Thank you in advance for your valuable feedback!

 

------------------------------------------------------------------------------------------------

Have other off-topic issues to report? 

Welcome to > Start a New Thread < and elaborate on the issue for assistance.