jesusdf
Aspirant
Sep 05, 2024
Solved

WAX220 v1.0.3.4 + Management VLAN + Radius + AP VLAN = No connection

As the title says, I could reproduce what was told in this post:

https://community.netgear.com/t5/Business-Wireless/WAX220-WPA2-Enterprise-help-with-VLAN/td-p/2323906

But I have managed to find a way for it to work, however the workaround is not a valid solution for us.

My desired configuration is as follows:

Updated to latest firmware to date (v1.0.3.4).
Management VLAN: 20
WAX220 Management IP (DHCP): 172.16.20.10, gateway on 172.16.20.1
RADIUS server on another VLAN, IP 10.0.10.30, the firewall has rules to allow the connection.
Access Point: "MyWiFi" -> WPA2 Enterprise (or WPA3 Enterprise, same behaviour) + VLAN Isolation 30 (Users)

Expected behaviour: Wireless works and user gets connected to the VLAN 30 (Users).
Tested behaviour: No connection, not a single packet sent over the network (made many packet captures on all the VLANs).

Workaround that I found while I was testing:

If I set the Access Point "MyWiFi" VLAN to the same ID as the management VLAN (VLAN 20), the RADIUS server receives the authentication packet and the wireless connection works; however, the wireless client gets an IP on the management VLAN, instead of the desired Users VLAN (30).

Seems like there is some kind of problem with the routing table and the RADIUS authentication is not sent over the correct network interface.

  • The proposed solution is to RMA the devices for a different (newer) model, which I accepted.

    I hope that fixes it, if not, seems like OpenWRT would be the best solution for that use case.

12 Replies

  • ErwinL
    NETGEAR Moderator

    Hello jesusdf

    And welcome to the NETGEAR Community! 🙂

    What is your switch configuration, specifically the port where the AP is connected?

    Have a lovely day,
    Erwin
    Netgear Team

    • jesusdf
      Aspirant

      Hi. All the VLANs are set up as tagged on that port, so it works as a trunk. The VLAN 1 (untagged) is not used anywhere, everything has a VLAN.

      • ErwinL
        NETGEAR Moderator

        Hello jesusdf

        Looks like the port is also a member of VLAN 20. May I know which port your DHCP server for all VLANs is connected to? Is that port a member of all the VLANs on the switch? Is it coming from a router, switch or a PC? Is it tagged as well?

        Have a lovely day,
        Erwin
        Netgear Team
