<
Switches
802.1X again
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
802.1X again
Posts: 7
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2017-06-06
2017-06-16 17:35:25
Posts: 7
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2017-06-06
802.1X again
2017-06-16 17:35:25
Tags:
Model : T2600G-52TS
Hardware Version : Not Clear
Firmware Version : 2.0.0 Build 20160923 Rel.39814(s)
ISP : -
I wish to deploy 802.1X auth in our network, but no luck. I have followed this guide: http://www.tp-link.com/hu/faq-787.html but not even able to trick the switch to try to authenticate against the radius server. Even the port stays authenticated however I expect it to change:
Any idea, suggestion... anything?
Hardware Version : Not Clear
Firmware Version : 2.0.0 Build 20160923 Rel.39814(s)
ISP : -
I wish to deploy 802.1X auth in our network, but no luck. I have followed this guide: http://www.tp-link.com/hu/faq-787.html but not even able to trick the switch to try to authenticate against the radius server. Even the port stays authenticated however I expect it to change:
Any idea, suggestion... anything?
#1
Options
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Thread Manage
Announcement Manage
9 Reply
Posts: 7
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2017-06-06
Re:802.1X again
2017-06-19 17:25:52
I just realised that after the firmware upgrade I have booted the old one. Changing to the latest firmware did not help, still no 802.1X.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#2
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 7
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2017-06-06
Re:802.1X again
2017-06-19 18:47:00
Hahh, progress. Now I can see a MAB column for the port config, and enabling the MAB now I can see the access requests and answers, and enabled the network security/802.1X/VLAN Assignment too. However answering the following:
(4) Sent Access-Accept Id 49 from 10.34.32.12:1812 to 10.34.32.21:45645 length 0
(4) Reply-Message = "Device with MAC Address 5C-FF-35-0C-57-67 authorized for network access"
(4) Tunnel-Type = VLAN
(4) Tunnel-Medium-Type = IEEE-802
(4) Tunnel-Private-Group-Id = "2"
(4) Finished request
I cannot see the port effected. The VLAN 2 is a blackhole one once a machine is fallen into should not able to ping outside, but it still can. My goal to use RADIUS server to auth and select VLANs for each MAC.
(4) Sent Access-Accept Id 49 from 10.34.32.12:1812 to 10.34.32.21:45645 length 0
(4) Reply-Message = "Device with MAC Address 5C-FF-35-0C-57-67 authorized for network access"
(4) Tunnel-Type = VLAN
(4) Tunnel-Medium-Type = IEEE-802
(4) Tunnel-Private-Group-Id = "2"
(4) Finished request
I cannot see the port effected. The VLAN 2 is a blackhole one once a machine is fallen into should not able to ping outside, but it still can. My goal to use RADIUS server to auth and select VLANs for each MAC.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#3
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 7
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2017-06-06
Re:802.1X again
2017-08-01 21:38:57
To continue my monologue:
- Still cannot get it working.
- The support sent useless answer (a .jpg crop of the documentation, which was unavailable anyway at the moment) regarding what the MAB/VLAN assigment is. I know what it is, that's why I want it.
- Meanwhile I have set up a RouterOS hotspot/MAB with the very same RADIUS server, and it is working, so I suppose the RADIUS server configuration is correct.
- The support cannot answer even the simple questions like "is my (switch) configuration correct?"
Did anyone ever managed to get help from TP-Link?
- Still cannot get it working.
- The support sent useless answer (a .jpg crop of the documentation, which was unavailable anyway at the moment) regarding what the MAB/VLAN assigment is. I know what it is, that's why I want it.
- Meanwhile I have set up a RouterOS hotspot/MAB with the very same RADIUS server, and it is working, so I suppose the RADIUS server configuration is correct.
- The support cannot answer even the simple questions like "is my (switch) configuration correct?"
Did anyone ever managed to get help from TP-Link?
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#4
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 247
Helpful: 40
Solutions: 1
Stories: 0
Registered: 2018-07-19
Re:802.1X again
2017-08-09 15:40:15
Did you configured the guest vlan in 802.1x? Guest vlan can't work work with MAB at the same time in TP-LINK managed switch. I have asked them.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#5
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 7
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2017-06-06
Re:802.1X again
2017-08-10 01:33:13
No, the guest network is disabled - fortunately.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#6
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 247
Helpful: 40
Solutions: 1
Stories: 0
Registered: 2018-07-19
Re:802.1X again
2017-08-10 13:49:25
fisherhu wrote
No, the guest network is disabled - fortunately.
I have not T2600G-52TS,but I have T2600G-28TS. I do the simple test accoridng to the FAQ you said.802.1X function is working well.
Did you disable the status of port that connect to radius server?
I suggest you configure port based 802.1X firstly, if every woking well then configure MAB and vlan assign.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#7
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 7
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2017-06-06
Re:802.1X again
2017-08-11 01:54:16
- the 802.x working
- mab working
- the vlan assignment not working (seems the switch ignores th Tunnel-Private-Group-Id) attribute.
Meanwhile the support started to answer to my emails whitin a day, instead 9 days, so I hope it will be clear soon what the problem is.
Now I have two threads here and the emails and not all in sync so I think I better "close" these ones and focus on the e-mails then provide the solution here once everything is clear.
- mab working
- the vlan assignment not working (seems the switch ignores th Tunnel-Private-Group-Id) attribute.
Meanwhile the support started to answer to my emails whitin a day, instead 9 days, so I hope it will be clear soon what the problem is.
Now I have two threads here and the emails and not all in sync so I think I better "close" these ones and focus on the e-mails then provide the solution here once everything is clear.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#8
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 2
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2017-08-22
Re:802.1X again
2017-08-22 20:58:14
Any success? We're currently facing the same issue on a T1600.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#9
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 1
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2019-02-28
Re:802.1X again
2019-02-28 15:09:53
Same issue here with a T2600G-28TS v3:
- 802.x working
- mab working
- vlan assignment not working (seems the switch ignores the Tunnel-Private-Group-Id attribute).
And found the solution in TP-Link Guide "Configuration Guide for 802.1X VLAN Assignment and MAB":
"VLAN Assignment takes effect only when the control type is Port Based. Set the control type as Port Based on the ports connected to clients."
Your screenshot shows Control Type "MAC based".
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#10
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 7
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2017-06-06
2017-06-16 17:35:25
Posts: 7
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2017-06-06
Information
Helpful: 0
Views: 2374
Replies: 9
Voters 0
No one has voted for it yet.
Tags
Report Inappropriate Content
Transfer Module
New message