This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
But I have managed to find a way for it to work, however the workaround is not a valid solution for us.
My desired configuration is as follows:
Updated to latest firmware to date (v1.0.3.4). Management VLAN: 20 WAX220 Management IP (DHCP): 172.16.20.10, gateway on 172.16.20.1 RADIUS server on another VLAN, IP 10.0.10.30, the firewall has rules to allow the connection. Access Point: "MyWiFi" -> WPA2 Enterprise (or WPA3 Enterprise, same behaviour) + VLAN Isolation 30 (Users)
Expected behaviour: Wireless works and user gets connected to the VLAN 30 (Users). Tested behaviour: No connection, not a single packet sent over the network (made many packet catpures on all the VLANs).
Workaround that I found while I was testing:
If I set the Access Point "MyWiFi" VLAN to the same id of the management VLAN (VLAN 20), the radius server receives the authentication packet and the wireless connection works, however, wireless client gets an IP on the management VLAN, instead of the desired Users VLAN (30).
Seems like there is some kind of problem with the routing table and the RADIUS authentication is not sent over the correct network interface.
Re: WAX220 v1.0.3.4 + Management VLAN + Radius + AP VLAN = No connection
Hello jesusdf
Looks like the port is also a member of VLAN 20. May I know which port is your DHCP server for all VLANs is connected? Is that port a member of all the VLANs on the switch? Is it coming from a router, switch or a PC? Is it tagged as well?
Re: WAX220 v1.0.3.4 + Management VLAN + Radius + AP VLAN = No connection
Everything is connected to a pfSense firewall and a switch. The switch configuration is fine, it's a problem with the netgear firmware.
To reproduce it:
1) Management with VLAN A.
2) Wireless with VLAN B.
3) If the access point security is WPA3 personal, the connection works as expected, the users get into VLAN B, and the web administration is on VLAN A.
4) If you switch the security to WPA3 enterprise, the connection only workis if A = B. In any other case, the access point does not send a single RADIUS packet.
I have opened a support ticket for this same issue. I will update here if there's any change.
I do apologize for the inconvenience but hanks for accepting the replacement device. I do hope the replacement unit works for you. Moving this thread to closed since you have a different device now.
