
c500
Follower
Jul 09, 2022

Netgear GS724v4 - MAC Based authentication

Hi all, I've been using MAC VLAN redirection on my switch for quite a while to push some devices like IoT and other systems into different VLANs. It's worked fine and defaults to the primary VLAN ID for systems that are not in the list (for example, into a guest VLAN with captive portal). The downside is that there is no description field, so it is not great for keeping track. Also, with more than one switch, this is not the most efficient way to manage these.

 

Recently started looking at RADIUS for MAC Based authentication to assign a VLAN to the client system. I haven't worked with RADIUS before, so I'm not sure if I am understanding this correctly given all the information and forum posts where people have noted their issues. I've set up RADIUS services on a pfSense firewall (freeradius3) and tested with the local tool "radtest", which is working for returning a VLAN ID. For the Netgear GS724Tv4 (firmware v6.3.1.43) I have set up the RADIUS server, configured port based authentication, VLAN assignment mode, set most ports to authorized for ports that don't need to authenticate, set some of the ports for MAC Based authentication, and configured Dot1x authentication to Radius. I've tried all sorts of configuration settings and nothing seems to work to have the switch send a MAC based authentication request to the RADIUS server, so I'm not sure if this switch is meant to do this.

 

I've used packet capture from the pfSense firewall to scan anything from the Netgear and nothing is coming from it. If I set the HTTP authentication default to RADIUS then I do see authentication requests, so I know the switch is not blocked in some way and it does send some kind of auth requests to the RADIUS server. The Netgear RADIUS service counter also shows nothing is sent to the RADIUS server when MAC Based auth is configured on ports. Counters remain at 0. Tried a wireless AP connected to a MAC Auth port with different devices, and a physical system on a MAC Auth port.

 

As a comparison, I have a TP-Link TL-SG3248X where I set up a similar configuration. This switch sends a MAC based authentication request to the RADIUS server and a VLAN is returned, but it does not assign a VLAN, whereas the Netgear sends nothing at all. OpenVPN also works fine with it, but I know it is not the same use case. It is only a confirmation that something is working with the RADIUS service.

 

Appreciate any feedback.
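Added example, not part of the original post or of any NETGEAR or pfSense code: when a RADIUS reply comes back but the switch does not place the port in a VLAN (the TP-Link case above), one offline check on the captured reply is whether it carries the three attributes RFC 3580 defines for VLAN assignment (Tunnel-Type=VLAN, Tunnel-Medium-Type=IEEE-802, Tunnel-Private-Group-ID). The function names and sample packets below are constructed for illustration, and a numeric VLAN ID is assumed.

```python
import struct

ACCESS_ACCEPT = 2                                     # RFC 2865 packet code
TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PGID = 64, 65, 81  # RFC 2868 attribute types
WANT = {TUNNEL_TYPE: 13, TUNNEL_MEDIUM: 6}            # RFC 3580: VLAN, IEEE-802

def parse_attributes(packet: bytes) -> list:
    """Split a RADIUS packet into (type, value) pairs, validating lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match packet size")
    attrs, pos = [], 20
    while pos < length:
        a_len = packet[pos + 1] if pos + 1 < length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError(f"malformed attribute at offset {pos}")
        attrs.append((packet[pos], packet[pos + 2:pos + a_len]))
        pos += a_len
    return attrs

def vlan_assignment(packet: bytes):
    """Return (vlan_id or None, list of problems) for a RADIUS reply."""
    problems = []
    if packet[:1] != bytes([ACCESS_ACCEPT]):
        problems.append("reply is not an Access-Accept")
    attrs = dict(parse_attributes(packet))    # last occurrence of a type wins
    for a_type, want in WANT.items():
        value = attrs.get(a_type)
        # Tagged integer: 1 tag byte followed by a 3-byte value
        if value is None or len(value) != 4 or int.from_bytes(value[1:], "big") != want:
            problems.append(f"attribute {a_type} missing or not {want}")
    pgid = attrs.get(TUNNEL_PGID, b"")
    if pgid[:1] and pgid[0] <= 0x1F:           # optional leading tag byte
        pgid = pgid[1:]
    vlan = int(pgid) if pgid.isdigit() and 1 <= int(pgid) <= 4094 else None
    if vlan is None:
        problems.append("Tunnel-Private-Group-ID missing or not a VLAN ID")
    return vlan, problems

def build_reply(code: int, pairs: list) -> bytes:
    """Constructed sample packet; the authenticator is zero-filled, not computed."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in pairs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples: a complete VLAN 30 assignment, and one lacking Tunnel-Medium-Type
GOOD = build_reply(2, [(64, b"\x00\x00\x00\x0d"), (65, b"\x00\x00\x00\x06"), (81, b"30")])
BAD = build_reply(2, [(64, b"\x00\x00\x00\x0d"), (81, b"30")])
```

Feed `vlan_assignment` the UDP payload of a reply exported from the pfSense packet capture; an empty problem list means the reply is well-formed for VLAN assignment and the remaining cause is on the switch side.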

 

 

1 Reply

  • DaneA
    NETGEAR Employee Retired

    c500,

     

    Welcome to the community! 🙂

     

    It would be best if you open a support ticket with the NETGEAR Support Team here at any time for technical assistance. Kindly state the steps you took regarding your concern.

     

     

    Regards,

     

    DaneA

    NETGEAR Community Team  
