My question is the following one : With the addition of a radius server within the controller, will vlan tagging within each radius account be working ? Will user vlan tagging at switch or eap level be working ?

 

 

  @Yttra 

Yes

  @MR.S 

 

Hi,

I just updated to Omada SDN 5.12.7

 

The built-in server does work. However, even if a vlan is specified for a user in the built-in Radius profile, the user is not assigned the correct vlan.

 

Anyone else got that behavior ? Any obvious option to check in order to get it to work ?

 

 

  @Yttra 

works perfectly here. You need to post some screenshots of your config.

 

  @MR.S 

Am baffled then.

 

What screenshots do you need ?

I am eager to find out whats the issue.

  @Yttra 

 

Ok, what have you configured on controller , you have configured radius but get wrong vlan so something must you have done`?

  @MR.S 

 

Thank you for taking the time to go through my situation.

 

My setup :

 

Firewall : pfSense 2.7

Switch : TL-SG2008P v3.0 Firmware 3.0.5 (latest)

EAP :  EAP653(EU) v1.0 Firmware 1.0.9 (latest)

Controller : Omada SDN 5.12.7 in docker. All relevant ports are opened, including radius port 1812

Each and every part of the setup is wired, and is assigned to Vlan 1.

 

What i seek to do : I want to have only one SSID with Radius authentication, in order for each client to get assigned to the right subnet depending of the profile assigned.

 

What works :

Multiple Vlans  are setup. Connectivity and isolation, managed within pfsense, is working fine.

At moment, i have three SSIDs each linked to a different SSID. The clients each receive an IP in the right IP range.

 

I experimented with Radius and I managed to have clients achieve Radius Authentication, either with a freeradius server within pfsense or the built-in radius server in Omada SDN 5.12.7

 

What doesn't work : When using Radius authentication, clients receive an IP address within the default Vlan1 subnet, ignoring the Vlan specified in the radius profile.

The result is similar both with a freeradius server within pfsense or with the built-in radius server in Omada (profiles in freeradius and in the built-in radius server are the same).

 

My configuration

 

Controller:

AP:

Radius profiles :

 

Details of a user in the Radius profile:

 

Vlan profile applied to the switch port the EAP is connected to

 

I hope i provided enough information.  If you need something more, please ask.

 

I have been working on that issued with Radius Authentication for quite a long time now (see my other posts). I can not see the issue would be but that EAP653 does not currently support radius authentication. As other users have pointed it out, we should be able to get information within Omada, that an equipment does or does not support a feature.

 

Regards

 

 

 

 

  @Yttra 

to test radisus there is a cool tool I use. try to find a download to NTRadPING.. this tool can save your day when you test radisus servers.

 

  @MR.S 

 

You ARE golden !!!!

 

That f****ing setting was the cause of my issue.

 You saved my day and a lot of nights.

 

Thank you so much, i can not express how grateful i am !!!

  @Yttra