EAP660 + OC300 Portal Authentication and 802.1X Authentication

3 weeks ago - last edited 3 weeks ago
Model: EAP660 HD   OC300  
Hardware Version: V1
Firmware Version:

Hello.
Our company is considering separating the wireless LAN for guests from the wireless LAN for employees.

The SSID for the guest wireless LAN will be WLAN-Guest, and the SSID for employees will be WLAN-Employee.

Set the VLAN for WLAN-Guest to 10 and the VLAN for WLAN-Employee to 20.

 

Either portal authentication or 802.1X authentication will be used for authentication. (To be determined)

Both use an external Free Radius server.

 

Question 1
When using portal authentication, is PAP used between EAP660 and Radius (OC300 and Radius)?

 

Question 2
In the case of 802.1X authentication, is EAP limited to EAP-TLS?
Does it support EAP-PEAP and other protocols?

 

Question 3
I have an L3 switch (Procurve 3400cl, for reference) upstream of the EAP660.
In my configuration, should I set Untagged 10 20 for the port connecting to the EAP660?

Is it correct to select “VLAN” for “Purpose:” in Wired Networks on the EAP660 side?

 

I don't really understand VLAN.
Please let me know if you find any problems.
Thank you in advance.

 

 

#1
1 Accepted Solution
Re:EAP660 + OC300 Portal Authentication and 802.1X Authentication-Solution
3 weeks ago - last edited 3 weeks ago

Hi  @arc_1 

 

Thanks for posting here. Please find the answers below:

 

 

Question 1
When using portal authentication, is PAP used between EAP660 and Radius (OC300 and Radius)?

>>>> Yes, it's supported. Below is the config interface for your reference:

 

 

Question 2
In the case of 802.1X authentication, is EAP limited to EAP-TLS?
Does it support EAP-PEAP and other protocols?

>>> This feature requires switch support. Please verify whether your current switch model includes this capability. 

You can see the supported protocols below:

 

 

Question 3
I have an L3 switch (Procurve 3400cl, for reference) upstream of the EAP660.
In my configuration, should I set Untagged 10 20 for the port connecting to the EAP660?

Is it correct to select “VLAN” for “Purpose:” in Wired Networks on the EAP660 side?

>>> For the VLAN config for the switch port, it should be added into all the related VLANs, and the egress rule would be tagged.

 

We have an emulator for the Omada controller, on which you can see the commonly supported features/protocols:

https://emulator.tp-link.com/windows-emulator-v5.15.20/index.html#devices

 

For your reference, below is a guide on how to configure it with TP-Link products:

How to Configure Dynamic VLAN with the Built-in RADIUS Server of Omada SDN Controller via User Auth?

 

 

#3
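For Question 1, an added example (not part of the thread and not TP-Link or FreeRADIUS code) of what PAP means on the NAS-to-RADIUS leg: the User-Password attribute is hidden with MD5 and the shared secret as specified in RFC 2865 section 5.2, and the server reverses it with the same secret. The secret, authenticator and password below are constructed sample values.

```python
import hashlib

# Constructed sample values, not taken from the thread.
SECRET = b"constructed-shared-secret"   # shared secret between NAS and RADIUS server
AUTHENTICATOR = bytes(range(16))        # 16-byte Request Authenticator of the packet
PASSWORD = b"guest-portal-password"     # password entered on the portal page


def _blocks(data: bytes, size: int = 16):
    return [data[i:i + size] for i in range(0, len(data), size)]


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: c_i = p_i XOR MD5(secret + c_(i-1)), c_0 = Request Authenticator."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)  # null-pad to 16-byte blocks
    hidden, prev = b"", authenticator
    for chunk in _blocks(padded):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(chunk, key))
        hidden += prev
    return hidden


def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: same keystream, chained on the previous hidden block."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden User-Password must be a multiple of 16 bytes")
    clear, prev = b"", authenticator
    for chunk in _blocks(hidden):
        key = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ k for c, k in zip(chunk, key))
        prev = chunk
    return clear.rstrip(b"\x00")  # drop the null padding


if __name__ == "__main__":
    wire = hide_password(PASSWORD, SECRET, AUTHENTICATOR)
    print("on the wire:", wire.hex())
    print("server sees:", unhide_password(wire, SECRET, AUTHENTICATOR))
```

The password's confidentiality on this leg rests entirely on the shared secret, so a long random secret and a protected path between the controller/AP and the RADIUS server matter when PAP is chosen.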
5 Reply
Re:EAP660 + OC300 Portal Authentication and 802.1X Authentication
3 weeks ago

I made a mistake.
Regarding question 3, tagged 10 20 is correct.

#2
Re:EAP660 + OC300 Portal Authentication and 802.1X Authentication
3 weeks ago

  @Vincent-TP 

Thank you very much.
My question 1 has been answered.
Regarding question 2, if I select EAP, does that mean it will be EAP-TLS?

#4
Re:EAP660 + OC300 Portal Authentication and 802.1X Authentication
3 weeks ago

Hi  @arc_1 

 

The AP packets are encapsulated in other protocol (such as RADIUS) packets, and transmitted to the authentication server. To use this authentication mechanism, the RADIUS server should support AP attributes.

 

arc_1 wrote

  @Vincent-TP 

Thank you very much.
My question 1 has been answered.
Regarding question 2, if I select EAP, does that mean it will be EAP-TLS?

 

#5
Re:EAP660 + OC300 Portal Authentication and 802.1X Authentication
3 weeks ago

  @Vincent-TP 

I understand for now.
I will consider it as EAP-TLS.

 

I will organize the situation regarding question 3 and post it in a separate topic.

#6