Omada SDN 5.11 radius features
Hi,
I have not installed the beta controller but i am very interested by the new features comprised therein.
My question is the following one : With the addition of a radius server within the controller, will vlan tagging within each radius account be working ? Will user vlan tagging at switch or eap level be working ?
Despite the free radius vlan tagging configuration guide (https://community.tp-link.com/en/business/kb/detail/630), it doesnt work atm.
See my report (https://community.tp-link.com/en/business/forum/topic/612584)
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
it looks almost right, you need to enable tunnel replay on radius server to make vlan work.
you must also make sure that the vlan interface on the router is enabled on the port connected to the switch. here I usually enable all interfaces on all vlans. it is easy to forget this
- Copy Link
- Report Inappropriate Content
My question is the following one : With the addition of a radius server within the controller, will vlan tagging within each radius account be working ? Will user vlan tagging at switch or eap level be working ?
Yes
- Copy Link
- Report Inappropriate Content
Hi,
I just updated to Omada SDN 5.12.7
The built-in server does work. However, even if a vlan is specified for a user in the built-in Radius profile, the user is not assigned the correct vlan.
Anyone else got that behavior ? Any obvious option to check in order to get it to work ?
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Ok, what have you configured on controller , you have configured radius but get wrong vlan so something must you have done`?
- Copy Link
- Report Inappropriate Content
Thank you for taking the time to go through my situation.
My setup :
Firewall : pfSense 2.7
Switch : TL-SG2008P v3.0 Firmware 3.0.5 (latest)
EAP : EAP653(EU) v1.0 Firmware 1.0.9 (latest)
Controller : Omada SDN 5.12.7 in docker. All relevant ports are opened, including radius port 1812
Each and every part of the setup is wired, and is assigned to Vlan 1.
What i seek to do : I want to have only one SSID with Radius authentication, in order for each client to get assigned to the right subnet depending of the profile assigned.
What works :
Multiple Vlans are setup. Connectivity and isolation, managed within pfsense, is working fine.
At moment, i have three SSIDs each linked to a different SSID. The clients each receive an IP in the right IP range.
I experimented with Radius and I managed to have clients achieve Radius Authentication, either with a freeradius server within pfsense or the built-in radius server in Omada SDN 5.12.7
What doesn't work : When using Radius authentication, clients receive an IP address within the default Vlan1 subnet, ignoring the Vlan specified in the radius profile.
The result is similar both with a freeradius server within pfsense or with the built-in radius server in Omada (profiles in freeradius and in the built-in radius server are the same).
My configuration
Controller:
AP:
Radius profiles :
Details of a user in the Radius profile:
Vlan profile applied to the switch port the EAP is connected to
I hope i provided enough information. If you need something more, please ask.
I have been working on that issued with Radius Authentication for quite a long time now (see my other posts). I can not see the issue would be but that EAP653 does not currently support radius authentication. As other users have pointed it out, we should be able to get information within Omada, that an equipment does or does not support a feature.
Regards
- Copy Link
- Report Inappropriate Content
it looks almost right, you need to enable tunnel replay on radius server to make vlan work.
you must also make sure that the vlan interface on the router is enabled on the port connected to the switch. here I usually enable all interfaces on all vlans. it is easy to forget this
- Copy Link
- Report Inappropriate Content
to test radisus there is a cool tool I use. try to find a download to NTRadPING.. this tool can save your day when you test radisus servers.
- Copy Link
- Report Inappropriate Content
You ARE golden !!!!
That f****ing setting was the cause of my issue.
You saved my day and a lot of nights.
Thank you so much, i can not express how grateful i am !!!
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 2915
Replies: 10
Voters 0
No one has voted for it yet.