× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Reply

WNDAP660 Radius information are buggy in FW 3.7.9.0

spuch
Guide

WNDAP660 Radius information are buggy in FW 3.7.9.0

Hello together,

 

I already posted a similar message in the German community without any solution, so I will try it here in the wider range of the English community again.

 

I'm using radius authentification of my WNDAP660 in conjunction with a FreeRadius server. While analysing the packages which are sent from the Access Point to the radius server I recognised, that the informations are some kind of buggy. For example the "NAS-Identifier" just sends „hello“ instead of a unique id and the "Connect-Info" is set to a loosy string "CONNECT 0Mbps 802.11b" although the client conected to the Access Point uses 802.11n (not b).

While the "Connect-Info" doesn't provide much harm, the "NAS-Identifier" is used, to identify a NAS and using more than one Access Point of the same type doesn't allow to distinguish between the devices when they just sent "hello".

 

The wrong setting are configured on the Access Point in file /etc/bss*.conf.wifi*

It is possible to fix that via commandline and restarting the service, but at every cold boot the procedure would have to be repeated. Can anyone confim that problem or better know how the problem be reported to the firmware developpers so that it can be fixed?

 

Kind Regards

SPuch

 

Model: WNDAP660|ProSafe 3x3 Dual Radio| Dual Band Wireless-N Access Point
Message 1 of 8

Accepted Solutions
RaghuHR
NETGEAR Expert

Re: WNDAP660 Radius information are buggy in FW 3.7.9.0

Hi @spuch

 

We have a beta firmware for this case. Please reach support team to get the firmware.

 

Thanks,

Raghu

View solution in original post

Message 3 of 8

All Replies
RaghuHR
NETGEAR Expert

Re: WNDAP660 Radius information are buggy in FW 3.7.9.0

Hi @spuch,

 

We are looking into this case. Will update you shortly.

 

Thanks,

Raghu

Message 2 of 8
RaghuHR
NETGEAR Expert

Re: WNDAP660 Radius information are buggy in FW 3.7.9.0

Hi @spuch

 

We have a beta firmware for this case. Please reach support team to get the firmware.

 

Thanks,

Raghu

Message 3 of 8
spuch
Guide

Re: WNDAP660 Radius information are buggy in FW 3.7.9.0

The provided beta firmware fixes the problem with the same NAS-Identifier for all access points. Now the mac address is given, which should be fine. I've tested that on three devices. Thanks for fixing that issue!

 

Of couse it would be nice, if the Connect-Info could also be set to some value which ist not misleading (e.g. "CONNECT 0Mbps 802.11b" if having a 300Mbps connection at 802.11ng) but for sure this is more a cosmetic aspect

 

Kind regards

SPuch

 

Message 4 of 8
RaghuHR
NETGEAR Expert

Re: WNDAP660 Radius information are buggy in FW 3.7.9.0

Hi @spuch

 

Thanks for your feedback and confirmation.

 

On your other point -CONNECT 0Mbps 802.11b"  Could you please help us to share with the packet capture where you are seeing this? 

 

Thanks,

Raghu

Message 5 of 8
spuch
Guide

Re: WNDAP660 Radius information are buggy in FW 3.7.9.0

Hi @Raghu,

 

you can find the string "CONNECT 0Mbps 802.11b" in every radius accounting packet within the Connect-Info Attribute. It is an automatically generated value (implemented in accounting.c from hostapd) which uses the hardware mode (a, b, g) of the accesspoint and the supported supported_rates (Mbps ) of the access point. If nothing or wrong values are specified in the hostapd config file (like in our case) the defaults are used which leads to "0Mbps 802.11b".

 

I see two solutions if you want to fix that:

1 option)

The "hw_mode" is set to "ng" of "na" in /etc/ap.conf.wifi*

Acccording to the source code and the manual of config file this are not supported values which leads to (valid are a, b, g in version 0.5.7 of hostapd used in the firmware). Newer version like 2.6 can also use ad or any (see https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf for details). Maybe the Version 'sony_r5.7' is patched for that case, i didn't check that.

Set hw_mode=g in /etc/ap.conf.wifi0 and hw_mode=a in /etc/ap.conf.wifi1 should help and maybe the parameter "supported_rates" must be set as well (see https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf)

 

2 option)

Set the parameter "radius_ath_req_attr"  in the config file for the hostapd

"this overrides the automatically generated value". You could of cause use something more generall here.

 

Both solutions would be better than the actual one, because every client connection to the access point is presumably better than 0Mbps.

 

Please let me know if that helps or if you still need a packet capture?

 

Kind regards

SPuch

Message 6 of 8
RaghuHR
NETGEAR Expert

Re: WNDAP660 Radius information are buggy in FW 3.7.9.0

Thanks @spuch for pointing out where to fix.  Much appreciate your time. We will analyze this and come back to you.

 

Regards,

Raghu

Message 7 of 8
RaghuHR
NETGEAR Expert

Re: WNDAP660 Radius information are buggy in FW 3.7.9.0

We are working on the fix and will be part of next maintainence release.

 

Thanks,

Raghu

Message 8 of 8
Top Contributors
Discussion stats
  • 7 replies
  • 4276 views
  • 1 kudo
  • 2 in conversation
Announcements