'Re: freeradius with UNIFI APs'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: freeradius with UNIFI APs
From:       Nawar Al Tarazi <nawar.tarazi () contentful ! com>
Date:       2019-08-22 11:52:41
Message-ID: CACsWTT4gnMUde78z2+5CBHACj4djJZcxYFbqQptFjnuZZF2Qew () mail ! gmail ! com
[Download RAW message or body]

well , The final result was, A problem in AP firmware, we downgraded to
4.0.21 and it works
Thank you all for the response

On Mon, Aug 19, 2019 at 11:06 PM Arran Cudbard-Bell <
a.cudbardb@freeradius.org> wrote:

> 
> 
> > On 15 Aug 2019, at 17:09, Matthew Newton <mcn@freeradius.org> wrote:
> > 
> > On Thu, 2019-08-15 at 15:15 -0400, Arran Cudbard-Bell wrote:
> > > > On 15 Aug 2019, at 14:22, Elias Pereira <empbilly@gmail.com> wrote:
> > > > 
> > > > Arran, You can configure the vlans directly in freeradius and then
> > > > in unifi controller check "Enable RADIUS assigned VLAN for wireless
> > > > network". We have it here and it works perfectly.
> > > 
> > > This was for the FreeRADIUS/Network RADIUS office where all the
> > > octopuses live, we know how to do dynamic VLAN assignment ;)
> > 
> > Not _all_ the octopuses. I look after some here...
> 
> True :)
> 
> > 
> > > Maybe this was just a coincidence, and the APs just had to warm up to
> > > the fact they were going to be assigning VLANs dynamically
> > 
> > Unifi seems a bit odd, and I can't explain its behaviour.
> 
> "At the time of writing, one known limitation with RADIUS controlled VLANs
> is that you can't share a VLAN ID between RADIUS users and a static VLAN
> assignment on another SSID on that AP. So, if SSID1 has a static VLAN
> assignment of 10, and SSID2 is configured for RADIUS controlled VLANs, the
> users on SSID2 cannot use the VLAN ID of 10, but they can use any other
> VLAN ID. If you had a 3rd SSID, that also used RADIUS controlled VLANs, you
> can use the same VLAN IDs as you would for the users on SSID 2 (except for
> 10). This applies on a per-AP basis. Disabling the wireless network on the
> controller is sufficient means to avoid the static VLAN overlap while
> transitioning to dynamic VLAN."
> 
> 
> https://help.ubnt.com/hc/en-us/articles/219654087-UniFi-Using-VLANs-with-UniFi-Wireless-Routing-Switching-Hardware
>  
> That's what got us.  We had a "legacy" SSID for devices which couldn't do
> 802.1X, which had one of the VLANs we were assigning dynamically configured.
> 
> Setting the legacy network to mac-auth and removing the static VLAN
> assignment fixed it.
> 
> > My *guess* is that the "networks" list is irrelevant for dynamic
> > assignment:
> 
> Yeah I agree, it was definitely this other issue.
> 
> > the untagged VLAN doesn't work, any static VLAN for another
> > SSID doesn't work, but all other VLANs do.
> > All rather weird. One thing is certain, though: FreeRADIUS is working
> > perfectly ;-)
> 
> Indeed :)
> 
> -Arran
> 
> 
> Arran Cudbard-Bell <a.cudbardb@freeradius.org>
> FreeRADIUS Development Team
> 
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
> 
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html



-- 
Nawar Al Tarazi
IT Working Student

nawar.tarazi@contentful.com
+4915787991702

www.contentful.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic