Omada SDN 5.11 radius features

2023-07-29 08:23:18 - last edited 2023-09-24 11:11:03

Hi,

I have not installed the beta controller but I am very interested in the new features comprised therein.

My question is the following one: With the addition of a radius server within the controller, will vlan tagging within each radius account be working? Will user vlan tagging at switch or eap level be working?

Despite the free radius vlan tagging configuration guide (https://community.tp-link.com/en/business/kb/detail/630), it doesn't work atm.

See my report (https://community.tp-link.com/en/business/forum/topic/612584)

10 Reply
Re:Omada SDN 5.11 radius features
2023-07-29 09:31:32

 

My question is the following one : With the addition of a radius server within the controller, will vlan tagging within each radius account be working ? Will user vlan tagging at switch or eap level be working ?

 

 

  @Yttra 

Yes

Re:Omada SDN 5.11 radius features
2023-09-23 21:31:50

  @MR.S 

 

Hi,

I just updated to Omada SDN 5.12.7

 

The built-in server does work. However, even if a vlan is specified for a user in the built-in Radius profile, the user is not assigned the correct vlan.

 

Anyone else got that behavior? Any obvious option to check in order to get it to work?

 

 

Re:Omada SDN 5.11 radius features
2023-09-23 22:15:31

  @Yttra 

Works perfectly here. You need to post some screenshots of your config.

 

Re:Omada SDN 5.11 radius features
2023-09-23 22:35:09

  @MR.S 

Am baffled then.

 

What screenshots do you need?

I am eager to find out what's the issue.

Re:Omada SDN 5.11 radius features
2023-09-23 22:38:13

  @Yttra 

 

Ok, what have you configured on the controller? You have configured radius but get the wrong vlan, so you must have done something?

Re:Omada SDN 5.11 radius features
2023-09-24 08:45:02 - last edited 2023-09-24 11:11:18

  @MR.S 

 

Thank you for taking the time to go through my situation.

 

My setup :

 

Firewall : pfSense 2.7

Switch : TL-SG2008P v3.0 Firmware 3.0.5 (latest)

EAP :  EAP653(EU) v1.0 Firmware 1.0.9 (latest)

Controller : Omada SDN 5.12.7 in docker. All relevant ports are opened, including radius port 1812

Each and every part of the setup is wired, and is assigned to Vlan 1.

What I seek to do: I want to have only one SSID with Radius authentication, in order for each client to get assigned to the right subnet depending on the profile assigned.

What works:

Multiple Vlans are set up. Connectivity and isolation, managed within pfSense, is working fine.

At the moment, I have three SSIDs each linked to a different SSID. The clients each receive an IP in the right IP range.

I experimented with Radius and I managed to have clients achieve Radius authentication, either with a freeradius server within pfSense or the built-in radius server in Omada SDN 5.12.7.

What doesn't work: When using Radius authentication, clients receive an IP address within the default Vlan1 subnet, ignoring the Vlan specified in the radius profile.

The result is similar both with a freeradius server within pfSense or with the built-in radius server in Omada (profiles in freeradius and in the built-in radius server are the same).

 

My configuration

 

Controller:

AP:

Radius profiles :

 

Details of a user in the Radius profile:

 

Vlan profile applied to the switch port the EAP is connected to

 

I hope I provided enough information. If you need something more, please ask.

I have been working on that issue with Radius authentication for quite a long time now (see my other posts). I can not see what the issue would be, other than that the EAP653 does not currently support radius authentication. As other users have pointed out, we should be able to get information within Omada on whether a piece of equipment does or does not support a feature.

 

Regards

 

 

 

 

Re:Omada SDN 5.11 radius features-Solution
2023-09-24 09:23:16 - last edited 2023-09-24 11:11:03

  @Yttra 

It looks almost right; you need to enable tunnel reply on the radius server to make vlan work.

You must also make sure that the vlan interface on the router is enabled on the port connected to the switch. Here I usually enable all interfaces on all vlans. It is easy to forget this.

 

Recommended Solution
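As an added illustration (not code from this thread or from TP-Link), the Python sketch below parses a RADIUS Access-Accept and reports the VLAN it assigns through the three RFC 3580 attributes (Tunnel-Type=VLAN, Tunnel-Medium-Type=IEEE-802, Tunnel-Private-Group-ID), which the AP or switch must receive for dynamic VLAN assignment to take effect. The function names and both sample packets are constructed for this example; it is an assumption here that, with tunneled reply disabled, the per-user attributes stay inside the EAP tunnel and the outer reply looks like the first sample.

```python
# RADIUS attribute types (RFC 2868) and values used for dynamic VLAN assignment (RFC 3580).
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802, ACCESS_ACCEPT = 13, 6, 2


def parse_attributes(packet: bytes):
    """Return (code, [(type, value_bytes), ...]) for one RADIUS packet."""
    if len(packet) < 20 or not 20 <= int.from_bytes(packet[2:4], "big") <= len(packet):
        raise ValueError("bad RADIUS header or length field")
    code, length = packet[0], int.from_bytes(packet[2:4], "big")
    attrs, pos = [], 20  # attributes start after the 20-byte header
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        atype, alen = packet[pos], packet[pos + 1]
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return code, attrs


def assigned_vlan(packet: bytes):
    """Return the VLAN ID string an Access-Accept assigns, or None if it assigns none."""
    code, attrs = parse_attributes(packet)
    if code != ACCESS_ACCEPT:
        return None
    found = {}
    for atype, value in attrs:
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            found[atype] = int.from_bytes(value[1:], "big")  # skip the 1-byte tag
        elif atype == TUNNEL_PRIVATE_GROUP_ID and value:
            # A leading byte <= 0x1F is a tag, not part of the VLAN ID.
            found[atype] = (value[1:] if value[0] <= 0x1F else value).decode("ascii", "replace")
    if found.get(TUNNEL_TYPE) == VLAN and found.get(TUNNEL_MEDIUM_TYPE) == IEEE_802:
        return found.get(TUNNEL_PRIVATE_GROUP_ID)
    return None


def build_accept(attrs):
    """Build a constructed Access-Accept (zeroed authenticator) for the samples below."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return bytes([ACCESS_ACCEPT, 1]) + (20 + len(body)).to_bytes(2, "big") + bytes(16) + body


# Constructed samples: an outer reply without and with the per-user tunnel attributes.
WITHOUT_VLAN = build_accept([(1, b"alice")])
WITH_VLAN = build_accept([(1, b"alice"), (64, b"\x00\x00\x00\x0d"),
                          (65, b"\x00\x00\x00\x06"), (81, b"30")])
```

`assigned_vlan(WITHOUT_VLAN)` returns `None`, matching a client that authenticates but stays in the default VLAN, while `assigned_vlan(WITH_VLAN)` returns `"30"`.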
Re:Omada SDN 5.11 radius features
2023-09-24 09:44:55

  @Yttra 

To test radius there is a cool tool I use. Try to find a download of NTRadPing. This tool can save your day when you test radius servers.

 

Re:Omada SDN 5.11 radius features
2023-09-24 11:10:55

  @MR.S 

 

You ARE golden!!!!

That f****ing setting was the cause of my issue.

You saved my day and a lot of nights.

Thank you so much, I can not express how grateful I am!!!

Re:Omada SDN 5.11 radius features
2023-09-24 11:21:57

  @Yttra 

 

yes
