WPA-Enterprise with FreeRADIUS – Devices Failing to Reconnect & VLAN Switching Issues

2025-03-03 06:10:17
Model: EAP772  
Hardware Version: V1
Firmware Version: 1.0.14

I recently switched from PPSK with RADIUS (a mix of two EAP673 units and one EAP772 unit) to WPA-Enterprise (using only two EAP772 units), both configured with FreeRADIUS. While PPSK with RADIUS works perfectly, I'm encountering some issues with WPA-Enterprise.

 

Below is a sample Access-Accept response from FreeRADIUS. Most of the time, it correctly assigns my client devices to VLAN 53 as expected.


(11) Sent Access-Accept Id 212 from 192.168.10.225:1812 to 192.168.10.7:37370 length 191
(11)   MS-MPPE-Recv-Key = 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
(11)   MS-MPPE-Send-Key = 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
(11)   EAP-Message = 0x03aa0004
(11)   Message-Authenticator = 0x00000000000000000000000000000000
(11)   User-Name = "myuname"
(11)   Framed-MTU += 994
(11)   Tunnel-Type += VLAN
(11)   Tunnel-Medium-Type += IEEE-802
(11)   Tunnel-Private-Group-Id += "53"

 

I'm currently facing two issues:
 

  1. Some devices fail to reconnect after successfully establishing the initial connection. After troubleshooting, I found that not every connection request is being sent to FreeRADIUS. If a request isn't sent, the connection inevitably fails.
  2. After remaining on VLAN 53 (the assigned Tunnel-Private-Group-Id) for a few hours, some devices may unexpectedly revert to the default (untagged) VLAN.


Has anyone encountered similar issues or have any recommendations on how to resolve them?

 

Re:WPA-Enterprise with FreeRADIUS – Devices Failing to Reconnect & VLAN Switching Issues
2025-03-05 09:30:52

  @yliu 

Thank you so much for taking the time to post the issue on the TP-Link community!
To better assist you, I've created a support ticket via your registered email address and escalated it to our support engineer to look into the issue. The ticket ID is TKID250309735; please check your email inbox and make sure the support email has been received. Thanks!
Once the issue is addressed or resolved, you are welcome to update this thread with your solution to help others who may encounter the same issue.
Many thanks for your great cooperation and patience!

Re:WPA-Enterprise with FreeRADIUS – Devices Failing to Reconnect & VLAN Switching Issues
18 hours ago

Update on issue 2: After remaining on VLAN 53 (the assigned Tunnel-Private-Group-Id) for a few hours, some devices may unexpectedly revert to the default (untagged) VLAN.

 

After investigating with Omada Support, it seems the issue is possibly related to RADIUS session timeouts and DHCP lease interactions. Their suggestion was to adjust the RADIUS session timeout and compare it with the DHCP lease time.

 

Tested Configurations:

  1. RADIUS Session-Timeout < DHCP Lease Time

    • If a client device goes into sleep mode, it loses its WiFi connection due to a lack of interaction with RADIUS or EAP.

  2. RADIUS Session-Timeout > DHCP Lease Time (My current setup)

    • This configuration significantly reduces the chances of encountering the issue.

    • However, an edge case occurs if the device remains in sleep longer than the RADIUS session timeout.

 

Additional Findings:

  • Setting RADIUS Session-Timeout to 0 causes the client device to disconnect immediately, rather than keeping the session indefinitely.

  • There is no officially recommended ratio between Session-Timeout and DHCP lease time—trial and error may be needed.

  • The issue persists with Omada’s built-in RADIUS server, but I'm using FreeRADIUS.

 

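An added example, not part of the original posts and not TP-Link or FreeRADIUS code: a small Python audit over FreeRADIUS debug output that flags every Access-Accept lacking the VLAN tunnel attributes, or carrying a Session-Timeout that is absent, 0, or not above the DHCP lease time. The log line format follows the Access-Accept quoted in the first post; the sample log, the 86400-second lease and the finding names are constructed assumptions.

```python
import re

# Header "(11) Sent Access-Accept Id 212 from ... to ..." and the reply
# attribute lines "(11)   Tunnel-Type += VLAN" that follow it.
HEADER = re.compile(r"^\((\d+)\)\s+Sent (\S+) Id \d+ from \S+ to \S+")
ATTR = re.compile(r'^\((\d+)\)\s+([\w-]+)\s*\+?=\s*"?([^"]*)"?$')

def parse_replies(log_text):
    """Group the attributes of each sent reply by request number."""
    replies, cur = [], None
    for line in map(str.strip, log_text.splitlines()):
        head, attr = HEADER.match(line), ATTR.match(line)
        if head:
            cur = {"req": head.group(1), "code": head.group(2), "attrs": {}}
            replies.append(cur)
        elif attr and cur and attr.group(1) == cur["req"]:
            cur["attrs"][attr.group(2)] = attr.group(3)
    return replies

def audit(replies, expected_vlan, dhcp_lease_s):
    """Return (request, finding) pairs for Access-Accepts that deviate."""
    out = []
    for r in (x for x in replies if x["code"] == "Access-Accept"):
        a = r["attrs"]
        if (a.get("Tunnel-Type"), a.get("Tunnel-Medium-Type"),
                a.get("Tunnel-Private-Group-Id")) != ("VLAN", "IEEE-802", expected_vlan):
            out.append((r["req"], "vlan-attributes-missing-or-wrong"))
        timeout = a.get("Session-Timeout")
        if timeout is None:
            out.append((r["req"], "no-session-timeout"))
        elif int(timeout) == 0:  # reported in the thread to disconnect at once
            out.append((r["req"], "session-timeout-zero"))
        elif int(timeout) <= dhcp_lease_s:  # not the "> lease" setup from the thread
            out.append((r["req"], "session-timeout-not-above-lease"))
    return out

# Constructed sample; request 11 mirrors the Access-Accept quoted in the thread.
SAMPLE = """\
(11) Sent Access-Accept Id 212 from 192.168.10.225:1812 to 192.168.10.7:37370 length 191
(11)   Session-Timeout = 90000
(11)   Tunnel-Type += VLAN
(11)   Tunnel-Medium-Type += IEEE-802
(11)   Tunnel-Private-Group-Id += "53"
(12) Sent Access-Accept Id 213 from 192.168.10.225:1812 to 192.168.10.7:37370 length 120
(12)   Session-Timeout = 3600
"""

if __name__ == "__main__":  # lease of 86400 s is an assumed value
    print(audit(parse_replies(SAMPLE), "53", dhcp_lease_s=86400))
```

Run it over a capture spanning the hours before a device drops to the untagged VLAN; a reply for that user flagged here narrows the problem to the server side, while a clean run points back at the AP.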