EAP610(EU) v3: no RADIUS authentication after reboot

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

EAP610(EU) v3: no RADIUS authentication after reboot

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
EAP610(EU) v3: no RADIUS authentication after reboot
EAP610(EU) v3: no RADIUS authentication after reboot
2022-11-10 11:09:57
Model: EAP610  
Hardware Version: V3
Firmware Version: 1.1.0

Hi,

 

I figured out an authentication issue on EAP610 V3 according RADIUS authentication. This is my setup:

 

RADIUS on VLAN 10 (subnet 192.168.10.0/24)

management VLAN 19 (subnet 192.168.19.0/24)

 

So, the EAP got an ip address on its management interface like 192.168.19.x, so managent VLAN has been enabled on Omada controller and configured correctly. The RADIUS got an ip address like 192.168.10.x and is reachable from the management subnet.

 

After the EAP is adopted and configured completely by the controller the first time, authentication against the RADIUS works fine. After a reboot, EAP ist no longer able to reach the RADIUS. This is also the case, when I disable management VLAN on EAP, so its interface gots an id address from VLAN 10. Authentication fails.

 

I also have an EAP225-outdoor (v3, FW 5.0.8). This device has absolutely no problem regarding RADIUS, neither after a reboot.

 

So, I did some packet captures on the EAP610 as well as on the EAP225 and found a difference in the RADIUS requests:

 

EAP225 sends the request as followed:

AVP: t=NAS-IP-Address(4) l=6 val=192.168.19.x

 

EAP610 sends the request this way:

AVP: t=NAS-IP-Address(4) l=6 val=192.168.0.254

 

I have no idea, why EAP610 uses the subnet 192.168.0.0/24. There is no such subnet in my network at all.

 

Anybody else having this issue? This not the only issue I have with this EAP, but that's a story for another post...

  0      
  0      
#1
Options
5 Reply
Re:EAP610(EU) v3: no RADIUS authentication after reboot
2022-11-10 12:05:59

Guess, I found a bug:

 

IP address 192.168.0.254 seems to be the fallback address of the interface, when there is no DHCP server. So, I configured an untagged VLAN on the switch port the EAP is connected to as well as the tagged VLAN for management. Both VLAN has a DHCP server. But I got no progress. No RADIUS authentication working.

  0  
  0  
#2
Options
Re:EAP610(EU) v3: no RADIUS authentication after reboot
2022-11-14 06:57:11

Dear @Mett ,

 

Thank you so much for taking the time to post the issue on TP-Link community!

 

To better assist you, I've created a support ticket via your registered email address, and escalated it to our support engineer to look into the issue.

The ticket ID is TKID221119213, please check your email box and ensure the support email is well received. Thanks!

Once the issue is addressed or resolved, welcome to update this topic thread with your solution to help others who may encounter the same issue as you did.

 

Many thanks for your great cooperation and patience!

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#3
Options
Re:EAP610(EU) v3: no RADIUS authentication after reboot
2022-11-14 09:47:44

In the meanwhile I moved RADIUS service from the linux server to the router (it is a MIkrotik device with built in RADIUS). Now, authentication works also after a reboot of the EAP610. I have to look into the traffic later and will post the result.

  0  
  0  
#4
Options
Re:EAP610(EU) v3: no RADIUS authentication after reboot
2022-11-15 20:50:52

It's quite strange. Now, RADIUS authentications works against router as well as linux server. At first, the AP sends as request

 

AVP: t=NAS-IP-Address(4) l=6 val=192.168.0.254

 

The second attempt contains

 

AVP: t=NAS-IP-Address(4) l=6 val=192.168.19.x

 

At this moment I don't understand, why this is the case...

  0  
  0  
#5
Options
Re:EAP610(EU) v3: no RADIUS authentication after reboot
2022-11-16 05:37:48

  @Mett 

 

Hope you are doing well. Our support team reported that they haven't received your email reply at all.

 

Have you ever received the support email who case ID is TKID221119213?

Or was your concern resolved on your own finally?

 

We are looking forward to hearing from you again.

 

Best Regards!

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#6
Options