NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
radius
2 Topics
Multiple radius authentication on the same port - 802.1x M5300
Hi, I'm setting up 802.1x on our M5300 switch and I wanted to let my computers plugged on my ip phones. I wanted to know how to set up my switch to allow two different authentication on the same port, one for the phone taged on voice vlan and one for the computer untaged on data vlan. I found the 'multi-domain' option on cisco switches which seems to do what I want, is she available on M5300 switches ? Thanks for ur answers, Best regards,Solved5.3KViews0likes3Commentswndap360 radius failover with 3.6.9.0 firmware not working
Hello, we are just cleaning up our WLAN infrastructure, and for this we upgrade the WNDAP360 AP from firmware 3.5.6.0 to the most recent 3.6.9.0. In the same step we also change the radius infrastructure to use two new servers instead of one old server. Upgrade and Radius work fine under normal conditions. But what is not working, is the failover to the secondary radius server, when the first one is not responding. The primary Radius server is 192.168.163.9:1812, the secondary one at 192.168.163.10:1812 Both servers are running Windows 2016 Server, with NPS installed and configured for Radius. In the log of the AP I see this: Jun 1 17:36:05 hostapd: wifi1vap7: RADIUS Authentication server 192.168.163.9:1812 Here a station connects with WPA2-Enterprise and auth via the primary radius server works fine Jun 1 17:36:18 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.11: associated Jun 1 17:36:18 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.1X: aborting authentication Jun 1 17:36:18 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.1X: EAP Identifier of the Response-Identity does not match (was 0, expected 1) - ignored Jun 1 17:36:19 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 WPA: pairwise key handshake completed (RSN) Jun 1 17:36:19 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.1X: authenticated - EAP type: 25 (PEAP) We then disconnect the station, and shut down the primary radius server. Then we try to connect to the station again, but here we see repeated auth failures: Jun 1 17:38:17 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.11: associated Jun 1 17:38:17 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.1X: aborting authentication Jun 1 17:38:17 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.1X: EAP Identifier of the Response-Identity does not match (was 0, expected 1) - ignored Jun 1 17:38:35 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.1X: aborting authentication Jun 1 17:38:53 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.11: recvd disassoc msg from STA, reason code (8), rssi (67) Jun 1 17:38:53 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.11: disassociated At the same time, we see many ARP requests on the LAN for the IP 192.168.163.9 from the AP (So the AP is trying to find the now gone radius server) We did leave the primary radius server turned off for about 15 minutes, and the AP did still try to find the 192.168.163.9 radius server, no failover Then we turned the primary radius server on again, and authentication works fine again: Jun 1 17:52:37 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.1X: aborting authentication Jun 1 17:52:37 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.1X: EAP Identifier of the Response-Identity does not match (was 0, expected 1) - ignored Jun 1 17:52:38 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 WPA: pairwise key handshake completed (RSN) Jun 1 17:52:38 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.1X: authenticated - EAP type: 25 (PEAP) Also when we reboot the AP with the primary radius offline, it does not pick the secondary radius server. FW Version WNDAP360_V3.6.9.0 Config Version 4.0 CMAPD Version: 1701.27.1803.40 Jun 1 02:00:50 init: init: starting pid 1808, tty '/dev/ttyS0': '/sbin/getty -L ttyS0 9600 vt100' Mar 17 15:29:06 udhcpc[656]: Sending discover... Mar 17 15:29:06 udhcpc[656]: Sending select for 192.168.163.233... Mar 17 15:29:06 udhcpc[656]: Lease of 192.168.163.233 obtained, lease time 2678400 Mar 17 15:29:10 kernel: php used greatest stack depth: 5092 bytes left Mar 17 15:29:10 kernel: php used greatest stack depth: 4764 bytes left Jun 1 18:25:17 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.11: associated Jun 1 18:25:17 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.1X: aborting authentication Jun 1 18:25:17 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.1X: EAP Identifier of the Response-Identity does not match (was 0, expected 1) - ignored Jun 1 18:25:17 hostapd: wifi0vap2: RADIUS Send failed - maybe interface status changed - try to connect again Jun 1 18:25:17 hostapd: wifi0vap2: RADIUS Authentication server 192.168.163.9:1812 Jun 1 18:25:35 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.1X: aborting authentication Jun 1 18:25:53 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.11: recvd disassoc msg from STA, reason code (8), rssi (67) Jun 1 18:25:53 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.11: disassociated Jun 1 18:26:07 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.11: associated Jun 1 18:26:07 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.1X: aborting authentication Jun 1 18:26:07 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.1X: EAP Identifier of the Response-Identity does not match (was 0, expected 1) - ignored Jun 1 18:26:25 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.1X: aborting authentication Jun 1 18:26:43 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.11: recvd disassoc msg from STA, reason code (8), rssi (67) Jun 1 18:26:43 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.11: disassociated Jun 1 18:26:58 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.11: associated Jun 1 18:26:58 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.1X: aborting authentication Jun 1 18:26:58 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.1X: EAP Identifier of the Response-Identity does not match (was 0, expected 1) - ignored Jun 1 18:27:16 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.1X: aborting authentication Jun 1 18:27:34 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.11: recvd disassoc msg from STA, reason code (8), rssi (68) Jun 1 18:27:34 hostapd: wifi0vap2: STA 74:de:2b:9f:3e:e4 IEEE 802.11: disassociated Any ideas what I can try, to get the failover working?Solved5.4KViews0likes4Comments