Hi,

i've started to change my network to new TP-Links devices as shown above. All devices are adopted by a Linux-Docker based Omada-Controller.

I tried to enable Radius-based authentification with 802.1X and configured Omada as shown here:

Configuration Guide on Dynamic VLAN with the VLAN Assignment function of RADIUS | TP-Link Deutschland

Using a Freeradius Dockercontainer, i can see that the Radiusserver is answering with correct Parameters:

Wed Feb  1 08:40:49 2023
        Packet-Type = Access-Accept
        Tunnel-Type = VLAN
        Tunnel-Medium-Type = IEEE-802
        Tunnel-Private-Group-Id = "100"
        Reply-Message = "Hello, testkamera"
        Timestamp = 1675237249
 

But the Switch isn't changing the VLAN for the configured an 802.1X activated Port. I can see, that the connected device is still asking for a IP in the Management-VLAN.

Then i tested with a Radius-Server for Windows, TekRADIUS. It's the same behavior:

01.02.2023 14:07:12.634 - RadAuth reply to  : 172.xx.xx.xxx:53550 (Success)

 Size             : 73
 Identifier       : 171
 Attributes       : 

 Tunnel-Medium-Type = 6
 Tunnel-Type = 13
 Tunnel-Private-Group-ID = 100
 User-Name = testkamera

I have deleted the Switch from Omada and configured the switch locally as described here:

Wie werden die 802.1X-Authentifizierung mit dynamischer VLAN-Zuweisung auf TP-Link-Switches konfiguriert?

Now, the Switch is asking the Radius-Server for access like before, but then its changing the VLAN as shown in the answerpaket. Both Portbased Authentificaten and MAB are running fine.

I have tried almost all possible Configurations in Omada, but the 802.1x-enabled Ports stays in the Management-VLAN (or the preconfigured VLAN).

I hope somebody can assist me with my problem. Thank you.

Regards, Daniel