802.1x GVRP dynamic vlans freeradius attributes

2015-06-29 04:35:26
Region : Poland

Model : TL-SG3210

Hardware Version : V2

Firmware Version : 1.9.9

ISP :


Hi folks,
I have a problem with the SG3210. I've made all the required steps to set up dynamic VLAN assignment. I've used freeradius. Authentication is accepted, but the parameters required to assign the proper VLAN have not been used. Wireshark said that Tunnel-Medium-Type, Tunnel-Type and Tunnel-Private-Group-Id are transferred but not used by the switch. I've set port based authentication, type trunk.
What is not OK? The switch always said "Port authentication passed" but nothing happens and the next message is "Port authentication exit".
I'd appreciate any information.


ps. I feel that extra parameters are not supported by this switch.
#1
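Added example, not part of the thread or of any TP-Link or FreeRADIUS code: a Python check that an Access-Accept (for instance the RADIUS payload exported from the Wireshark capture mentioned above) carries the three tunnel attributes with the values RFC 3580 defines for VLAN assignment, which rules out the server side before blaming the switch. The function names and the sample packet are constructed for illustration.

```python
# RFC 2868 attribute numbers; RFC 3580 values for VLAN assignment.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
EXPECTED = {TUNNEL_TYPE: 13, TUNNEL_MEDIUM_TYPE: 6}  # 13 = VLAN, 6 = IEEE-802
NAMES = {64: "Tunnel-Type", 65: "Tunnel-Medium-Type", 81: "Tunnel-Private-Group-Id"}

def parse_attributes(packet):
    """Return (code, {type: first value bytes}) from a raw RADIUS packet."""
    length = int.from_bytes(packet[2:4], "big")
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20  # attributes follow the 16-byte authenticator
    while pos < length:
        alen = packet[pos + 1] if pos + 1 < length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        attrs.setdefault(packet[pos], packet[pos + 2:pos + alen])
        pos += alen
    return packet[0], attrs

def check_vlan_assignment(packet):
    """Return (vlan_id or None, list of problems) for an Access-Accept."""
    code, attrs = parse_attributes(packet)
    problems = [] if code == 2 else ["not an Access-Accept (code %d)" % code]
    for atype, want in EXPECTED.items():
        value = attrs.get(atype)  # tagged integer: 1 tag byte + 3 value bytes
        if value is None:
            problems.append(NAMES[atype] + " missing")
        elif len(value) != 4 or int.from_bytes(value[1:], "big") != want:
            problems.append("%s is not %d" % (NAMES[atype], want))
    group = attrs.get(TUNNEL_PRIVATE_GROUP_ID)
    if group is None:
        problems.append(NAMES[81] + " missing")
        return None, problems
    if group and group[0] <= 0x1F:  # optional tag byte (RFC 2868)
        group = group[1:]
    vlan = group.decode("ascii", "replace")
    if not (vlan.isdigit() and 1 <= int(vlan) <= 4094):  # RFC 3580 VLANID string
        problems.append("Tunnel-Private-Group-Id %r is not a VLAN ID" % vlan)
    return vlan, problems

def build_sample(tunnel_type=13, vlan=b"20"):
    """Constructed Access-Accept (zeroed authenticator), not a real capture."""
    def attr(t, v):
        return bytes([t, len(v) + 2]) + v
    body = (attr(64, b"\x00" + tunnel_type.to_bytes(3, "big"))
            + attr(65, b"\x00" + (6).to_bytes(3, "big")) + attr(81, vlan))
    return bytes([2, 1]) + (20 + len(body)).to_bytes(2, "big") + bytes(16) + body
```

An empty problem list means the server's reply is well-formed for RFC 3580, so any failure to move the port into the VLAN lies with the switch.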
Re: 802.1x GVRP dynamic vlans freeradius attributes
2016-03-07 05:26:21
I don't want to kill your expectations but I would be very surprised if the switch supports those parameters.
Not only that, I have the same switch, v1, but the switch is not even capable of passing the port type (ethernet) to the RADIUS server.

Regarding the other behavior that you see:
Switch always said "Port authentication passed" but nothing happens and the next one message is "Port authentication exit".

I have the same problem with my Linux clients or any client that is not capable of running the TP-Link proprietary 802.1x client software (basically any non-Windows client). As far as I could analyze, the TP-Link proprietary 802.1x client is sending the switch some kind of "heartbeat" packet around every 10 seconds. If the switch doesn't receive this heartbeat from the client (and no standard client, like the one native on Linux or even Windows, is capable of sending this non-standard customized packet as far as I know), after 20-30 seconds it will show the "Authentication exit" message and block the port.

This is very, very annoying, because 802.1x is basically useless on TP-Link switches unless 100% of your clients are running Windows and the proprietary TP-Link client.

I just opened a support case about this, since I own two TP-Link switches (TL-SG3210 and TL-SG3424) and I'm experiencing the same behavior with both.

Once I get a response from TP-Link I will post any news here.
#2
Re: 802.1x GVRP dynamic vlans freeradius attributes
2016-04-04 18:15:12
It's likely you are not running the TP-Link 802.1x client.

TP-Link switches will only work with clients using their 802.1x client for Windows. After opening a support case to them, they confirmed that the switch is incompatible with any other 802.1x implementation than their own 802.1x Windows client.

This is very sad since basically the switch will not be able to provide 802.1x security in any mixed environment with Mac or Linux clients.
#3