NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

IT_Dad's avatar
IT_Dad
Initiate
Oct 22, 2020
Solved

Netgear GS108Tv3 Radius Authentication To Ubiquiti USG

I am new negtworking and I am trying to setup a GS108Tv3 Netgear Switch to use the Radius server on a Ubiquiti Secure Gateway(USG).  My hope was that anything connecting to my netgear switch will have to authenticate to the usg Radius server and the USG would set VLAN and dish out IP addresses for the device connected to switch. Unfortunatly, I keep getting "AUTHMGR-5-RADIUS_CONN_FAIL sal_authmgr.c(1754) %% Connect to RADIUS server host 192.168.xxx.xxx Fail" in the logs of the switch. 

 

My configuration is: WAN --> USG --> GS108Tv3 --> Device to connect to network. I followed procedure for setting up dynamic VLANs and I am assuming its working because I get a guest VLAN ip address when I don't authenticate. My hope is that any device connected to the ports that I configured for dynamic VLAN would get a web page popping up to authenticate but I don't get anything asking me to put in a password.

 

Any help or suggestions on if anyone has tried to use the Ubigquiti Radius serer with a netgear switch would be greatly appreciated.

 

 

 

  • First configure the RADIUS server on the switch, e.g. Security > Management Security > RADIUS > Server Configuration for the RADIUS authentication server.

     

    Then you can enable 802.1x on the switch port - that's all straight forward. However, carefully check the fine documentation on configuring. Don't forget to put the dot.1x authentication list to RADIUS. Security > Management Security -> Authentication List -> Dot.1x Authentication list.

     


    IT_Dad wrote:

    My hope is that any device connected to the ports that I configured for dynamic VLAN would get a web page popping up to authenticate but I don't get anything asking me to put in a password.


    No Web page at all...  There must be a 802.1x supplicant on the computer connected and properly configured. Most settings are related to the RADIUS server itself, the switch does only hand over the 802.1x packets to the RADIUS server. 

     

     

2 Replies

  • schumaku's avatar
    schumaku
    Guru - Experienced User

    First configure the RADIUS server on the switch, e.g. Security > Management Security > RADIUS > Server Configuration for the RADIUS authentication server.

     

    Then you can enable 802.1x on the switch port - that's all straight forward. However, carefully check the fine documentation on configuring. Don't forget to put the dot.1x authentication list to RADIUS. Security > Management Security -> Authentication List -> Dot.1x Authentication list.

     


    IT_Dad wrote:

    My hope is that any device connected to the ports that I configured for dynamic VLAN would get a web page popping up to authenticate but I don't get anything asking me to put in a password.


    No Web page at all...  There must be a 802.1x supplicant on the computer connected and properly configured. Most settings are related to the RADIUS server itself, the switch does only hand over the 802.1x packets to the RADIUS server. 

     

     

  • Thanks for the suggestion.  You comment about the supplicant made me do ore research and I found out that I had incorrect IP in for Radius server.  After changing it I was able to change the VLAN in the switch dynamically based off of mac addresses with the Ubiquiti USG built in Radius server.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More