This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WIFI RADIUS unreachable

Gerard-Philippe Guminski 7 months ago

Hello,

we replaced our UTM with the new XGS.

Our Wifi Access Points AP55C moved to Sophos Central.

We have 3 SSIDs (Corp (VLAN31), Guest VLAN33), Free (VLAN32)).

The Corp SSID was working on the UTM with Radius-Server (ActiveDirectory Users).

In Sophos Central SSID Setup i entered the internal LAN IP Adress of my Radius-Server. But the Access Point can not connect to it.

The Radius is on my default LAN (192.168.10.0) Network.

The msg in Sophos Central:

Access Point "ETHACP04_AP55C [A4005866XXXXXXX]" radius server 192.168.10.21 : 1812 is unreachable

Can you help me please?

Sorry for my bad english.

Best regards

Phil

This thread was automatically locked due to age.

0 LuCar Toni 7 months ago

Do you see in a packet capture the packets flowing to this ip or not?

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel
0 Gerard-Philippe Guminski 7 months ago in reply to LuCar Toni

No, there is nothing. No packets from the wifi vlan or from the Access Point in that vlan to the Radius. But they are configured. A authentication request pops up when i try to connect to the wifi.
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni 7 months ago in reply to Gerard-Philippe Guminski

Central Wireless works without a VLAN. So the Access Point has to work in untagged network.

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel
0 Gerard-Philippe Guminski 7 months ago in reply to LuCar Toni

So my config is:

LAN: 192.168.10.0 /24

Radius on DC: 192.168.10.21

Wifi Guests: VLAN 33: 192.168.33.0/24 (working fine)

Wifi Free: VLAN 32: 192.168.32.0/24 (working fine)

Wifi Corp: VLAN 31: 192.168.31.0/24 (not working)

Ports, Rules, VLANs, DHCPs configured on the XG.

Vlans also configured on the switch in between.

Are the Access Points forwarding the RADIUS Requests directly to my radius server or will that forwarded to Sophos Central?
Cancel
Vote Up 0 Vote Down

Cancel
0 Gerard-Philippe Guminski 7 months ago in reply to LuCar Toni

my access points them self are in the VLAN 30 untagged. (Vlan for AP Devices only)
Cancel
Vote Up 0 Vote Down

Cancel
0 Gerard-Philippe Guminski 7 months ago

OK. i forgott to let the Access Point Network itself talk to the RADIUS Server. So the SSID Network only is not enough. Thank you!
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni 7 months ago in reply to Gerard-Philippe Guminski

So the access point in Central wireless will communicate untagged. This is a different behavior compared to UTM. Check if the access point is reachable and get an ip in the untagged network.

Then check if you see any kind of traffic on the radius server port 1812

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel