I was really hoping I could just bang my head enough or google enough and find a answer, but alas, I'm out of ideas so I humbly ask for some help!
So my my UTM setup is working across multiple VLANs quite well - both wired and wireless, on one hand, and Radius authentication working nicely on the other. The point where I have fallen down, and is my hopefully last step, is on setting up Radius defined VLANs.
I've tested bridging to a VLAN ID - no trouble there, but as soon as I try and bridge to a VLAN ID that has been defined by radius, I loose all connectivity over WIFI - even if it is the same ID that was defined by static.
For instance, say the bridge to VLAN ID defined for the wireless network is 1.
Under Win2k12 R2 NPS I then add the attributes for setting VLAN over radius - Tunnel-Medium-Type =802, Tunnel-Type = VLAN, Tunnel-Private-Group-ID = 1
If I remove just "Tunnel-Private-Group-ID = 1", it works. If I add it back, it stops working. Ugh.
This is what I'm getting in the logs:
Without Tunnel-Private-Group-ID but bridging to VLAN1 by default :
2015:04:04-21:22:09 10.10.220.2 hostapd: wlan0: STA c8:85:50:ae:61:1d IEEE 802.11: authenticated
2015:04:04-21:22:09 10.10.220.2 hostapd: wlan0: STA c8:85:50:ae:61:1d IEEE 802.11: associated (aid 1)
2015:04:04-21:22:09 10.10.220.2 awelogger[26180]: id="4103" severity="info" sys="System" sub="WiFi" name="STA authentication" ssid="GatewayProduction" ssid_id="WLAN0.0" bssid="00:1a:8c:08:ea:10" sta="c8:85:50:ae:61:1d" status_code="0"
2015:04:04-21:22:09 10.10.220.2 awelogger[26180]: id="4104" severity="info" sys="System" sub="WiFi" name="STA association" ssid="GatewayProduction" ssid_id="WLAN0.0" bssid="00:1a:8c:08:ea:10" sta="c8:85:50:ae:61:1d" status_code="0"
2015:04:04-21:22:10 10.10.220.2 hostapd: wlan0: STA c8:85:50:ae:61:1d WPA: pairwise key handshake completed (RSN)
2015:04:04-21:22:10 10.10.220.2 hostapd: wlan0: STA c8:85:50:ae:61:1d IEEE 802.1X: authenticated - EAP type: 25 ((null))
2015:04:04-21:22:10 10.10.220.2 awelogger[26180]: id="4101" severity="info" sys="System" sub="WiFi" name="STA connected" ssid="GatewayProduction" ssid_id="WLAN0.0" bssid="00:1a:8c:08:ea:10" sta="c8:85:50:ae:61:1d"
And DHCP:
2015:04:04-21:22:11 firewall dhcpd: DHCPREQUEST for 10.10.200.201 from c8:85:50:ae:61:1d via eth1.1
2015:04:04-21:22:11 firewall dhcpd: DHCPACK on 10.10.200.201 to c8:85:50:ae:61:1d via eth1.1
Everything works as expected.
Same as above except Tunnel-Private-Group-ID set to VLAN1:
2015:04:04-21:26:50 10.10.220.2 hostapd: wlan0: STA c8:85:50:ae:61:1d IEEE 802.11: authenticated
2015:04:04-21:26:50 10.10.220.2 hostapd: wlan0: STA c8:85:50:ae:61:1d IEEE 802.11: associated (aid 1)
2015:04:04-21:26:50 10.10.220.2 awelogger[26180]: id="4103" severity="info" sys="System" sub="WiFi" name="STA authentication" ssid="GatewayProduction" ssid_id="WLAN0.0" bssid="00:1a:8c:08:ea:10" sta="c8:85:50:ae:61:1d" status_code="0"
2015:04:04-21:26:50 10.10.220.2 awelogger[26180]: id="4104" severity="info" sys="System" sub="WiFi" name="STA association" ssid="GatewayProduction" ssid_id="WLAN0.0" bssid="00:1a:8c:08:ea:10" sta="c8:85:50:ae:61:1d" status_code="0"
2015:04:04-21:26:51 10.10.220.2 hostapd: wlan0: STA c8:85:50:ae:61:1d RADIUS: VLAN ID 1
2015:04:04-21:26:51 10.10.220.2 hostapd: wlan0: STA c8:85:50:ae:61:1d WPA: pairwise key handshake completed (RSN)
2015:04:04-21:26:51 10.10.220.2 hostapd: wlan0: STA c8:85:50:ae:61:1d IEEE 802.1X: authenticated - EAP type: 25 ((null))
2015:04:04-21:26:51 10.10.220.2 awelogger[26180]: id="4101" severity="info" sys="System" sub="WiFi" name="STA connected" ssid="GatewayProduction" ssid_id="WLAN0.0" bssid="00:1a:8c:08:ea:10" sta="c8:85:50:ae:61:1d"
DHCP: Nothing. (Even if I manually assign a device, I still can't get any connectivity).
Would love for some pointers! Thanks. Dave
This thread was automatically locked due to age.
