Dynamic VLAN with EAP 783

Hello,
I have configured dynamic VLAN as explained in https://www.tp-link.com/us/support/faq/3152/.
VLAN assignment does work with wired network and I get an IP Address.
VLAN assignment does *not* work on wireless network with EAP 783.
In tcpdump I see the AP does receive the Access-Accept packet with all attributes for dynamic VLAN assignment
but the mobile device times out and says "Cannot connect to WiFi".
Firmware upgrade from 1.0.7 to 1.0.14 did not have any effect.
Any hints what I can do?
@relvy Hello,
With help from the TP-Link Support the root problem has been found:
I use freeradius to do EAP-TTLS+PAP and offload PAP to a radius proxy belonging to my IdP (authentik).
As described in https://www.freeradius.org/documentation/freeradius-server/3.2.8/tutorials/eap-ttls.html the Access-Accept packet shall contain MPPE keys and the EAP-Message but that was not the case for me.
Why?
Because the radius proxy did not return any attributes.
Solution: I reconfigured freeradius to use ldap authentication belonging to my IdP (authentik).
Then I got the MPPE keys and the EAP-Message in the Access-Accept packet.
Then dynamic VLAN assignment works. Mobile phones, MacBooks etc. can connect to the SSID and access the network and internet.

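Added example, not part of the thread: a Python check that parses a RADIUS Access-Accept payload and lists which of the attributes discussed above are absent (the RFC 3580 VLAN tunnel attributes, EAP-Message, and the MS-MPPE key VSAs). The function names and both sample packets are constructed for illustration.

```python
import struct

# Attribute numbers from RFC 2865/2868/3579; MPPE keys are Microsoft VSAs (RFC 2548).
STANDARD = {64: "Tunnel-Type", 65: "Tunnel-Medium-Type",
            81: "Tunnel-Private-Group-ID", 79: "EAP-Message"}
MS_VENDOR = 311
MPPE = {16: "MS-MPPE-Send-Key", 17: "MS-MPPE-Recv-Key"}

def iter_tlv(buf):
    """Yield (type, value) from 1-byte-type / 1-byte-length TLVs, rejecting bad lengths."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError(f"malformed attribute at offset {i}")
        yield buf[i], buf[i + 2:i + buf[i + 1]]
        i += buf[i + 1]

def missing_attributes(packet):
    """Return names of attributes absent from an Access-Accept (RADIUS UDP payload)."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 2:
        raise ValueError("not an Access-Accept")
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    seen = set()
    for atype, value in iter_tlv(packet[20:length]):
        if atype == 26 and len(value) >= 4 and struct.unpack("!I", value[:4])[0] == MS_VENDOR:
            seen.update(MPPE[t] for t, _ in iter_tlv(value[4:]) if t in MPPE)
        elif atype in STANDARD:
            seen.add(STANDARD[atype])
    return [n for n in list(STANDARD.values()) + list(MPPE.values()) if n not in seen]

# Constructed sample packets (zeroed authenticator and key material, not a real capture).
def attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

def accept(attrs):
    body = b"".join(attrs)
    return struct.pack("!BBH", 2, 1, 20 + len(body)) + bytes(16) + body

VLAN = [attr(64, b"\x00\x00\x00\x0d"), attr(65, b"\x00\x00\x00\x06"), attr(81, b"20")]
KEYS = [attr(26, struct.pack("!I", MS_VENDOR) + attr(t, bytes(50))) for t in (16, 17)]
SAMPLE_VLAN_ONLY = accept(VLAN)  # VLAN attributes present, keys and EAP-Message absent
SAMPLE_COMPLETE = accept(VLAN + KEYS + [attr(79, b"\x03\x01\x00\x04")])

if __name__ == "__main__":
    print("VLAN only:", missing_attributes(SAMPLE_VLAN_ONLY))
    print("complete: ", missing_attributes(SAMPLE_COMPLETE))
```

An Access-Accept that carries the VLAN attributes but reports the MPPE keys and EAP-Message as missing gives the AP a VLAN but no keying material for the WPA-Enterprise handshake, so the client cannot finish connecting.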