freeradius with UNIFI APs

Nawar Al Tarazi nawar.tarazi at contentful.com
Thu Aug 22 13:52:41 CEST 2019 

well , The final result was, A problem in AP firmware, we downgraded to
4.0.21 and it works
Thank you all for the response

On Mon, Aug 19, 2019 at 11:06 PM Arran Cudbard-Bell <
a.cudbardb at freeradius.org> wrote:

>
>
> > On 15 Aug 2019, at 17:09, Matthew Newton <mcn at freeradius.org> wrote:
> >
> > On Thu, 2019-08-15 at 15:15 -0400, Arran Cudbard-Bell wrote:
> >>> On 15 Aug 2019, at 14:22, Elias Pereira <empbilly at gmail.com> wrote:
> >>>
> >>> Arran, You can configure the vlans directly in freeradius and then
> >>> in unifi controller check "Enable RADIUS assigned VLAN for wireless
> >>> network". We have it here and it works perfectly.
> >>
> >> This was for the FreeRADIUS/Network RADIUS office where all the
> >> octopuses live, we know how to do dynamic VLAN assignment ;)
> >
> > Not _all_ the octopuses. I look after some here...
>
> True :)
>
> >
> >> Maybe this was just a coincidence, and the APs just had to warm up to
> >> the fact they were going to be assigning VLANs dynamically
> >
> > Unifi seems a bit odd, and I can't explain its behaviour.
>
> "At the time of writing, one known limitation with RADIUS controlled VLANs
> is that you can't share a VLAN ID between RADIUS users and a static VLAN
> assignment on another SSID on that AP. So, if SSID1 has a static VLAN
> assignment of 10, and SSID2 is configured for RADIUS controlled VLANs, the
> users on SSID2 cannot use the VLAN ID of 10, but they can use any other
> VLAN ID. If you had a 3rd SSID, that also used RADIUS controlled VLANs, you
> can use the same VLAN IDs as you would for the users on SSID 2 (except for
> 10). This applies on a per-AP basis. Disabling the wireless network on the
> controller is sufficient means to avoid the static VLAN overlap while
> transitioning to dynamic VLAN."
>
>
> https://help.ubnt.com/hc/en-us/articles/219654087-UniFi-Using-VLANs-with-UniFi-Wireless-Routing-Switching-Hardware
>
> That's what got us.  We had a "legacy" SSID for devices which couldn't do
> 802.1X, which had one of the VLANs we were assigning dynamically configured.
>
> Setting the legacy network to mac-auth and removing the static VLAN
> assignment fixed it.
>
> > My *guess* is that the "networks" list is irrelevant for dynamic
> > assignment:
>
> Yeah I agree, it was definitely this other issue.
>
> > the untagged VLAN doesn't work, any static VLAN for another
> > SSID doesn't work, but all other VLANs do.
> > All rather weird. One thing is certain, though: FreeRADIUS is working
> > perfectly ;-)
>
> Indeed :)
>
> -Arran
>
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
>
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html



-- 
Nawar Al Tarazi
IT Working Student

nawar.tarazi at contentful.com
+4915787991702

www.contentful.com

More information about the Freeradius-Users mailing list