How to configure 802.1X VLAN Assignment on Omada Controller
Contents
Configuring Access Authentication with Omada Built-in RADIUS
Configuring Access Authentication with FreeRadius
This article describes how to configure 802.1X VLAN Assignment authentication using Omada's Built-in RADIUS and external FreeRadius, respectively.
- Omada Smart/L2+/L3 series switches
- Omada Controller (Software Controller / Hardware Controller / Cloud-Based Controller, v5.9 and above)
802.1X is a network authentication protocol used to authenticate users or devices connecting to the network. VLAN Assignment is a method of grouping network devices by assigning them to different VLANs. This allows for network traffic isolation and improved security. These two technologies are often used together to achieve stricter network access control. The following figure shows a typical topology of a combination of 802.1X and VLAN Assignment technologies.
Configuring Access Authentication with Omada Built-in RADIUS
Step 1. Go to Settings > Server Settings in the Global view and enable Built-in RADIUS, then enter the corresponding parameters and enable Tunneled Reply. Here IP Address refers to the IP address of the Controller.
Step 2. Switch to the target site, go to Settings > Profile > RADIUS Profile, and click Edit.
Click Add New RADIUS User.
Select User Authentication for Authentication Type, enter Name, Password, VLAN ID and other parameters, and click Apply to save the configuration.
Step 3. Go to Settings > Authentication > 802.1X, and enable 802.1X. For RADIUS Profile, select Built-in Radius Profile, and then enable VLAN Assignment. Select the ports that require 802.1X authentication, and click Save.
Configuring Access Authentication with FreeRadius
Step 1. Edit the "users" file on the FreeRadius server. Open it with the vi /etc/freeradius/3.0/users command and add the user, password and corresponding VLAN ID, as shown below.
Step 2. Go to Settings > Profiles > RADIUS Profile and click Create New RADIUS Profile.
Enter the RADIUS Profile's Name, Authentication Server IP, Authentication Port, and Authentication Password, and then click Save.
Step 3. Go to Settings > Authentication > 802.1X and enable 802.1X. Select the external RADIUS Server created in Step 2 for RADIUS Profile, and then enable VLAN Assignment. Finally, select the ports that require authentication for internet access, and click Save.
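An added example (not from the original article or from TP-Link): the kind of users-file entry Step 1 describes, written with the three RFC 3580 tunnel attributes that carry a VLAN assignment in a RADIUS reply, together with a small Python check that flags entries that authenticate a user without a usable VLAN. The user names, passwords, VLAN IDs and function names are constructed for illustration, and the check assumes numeric VLAN IDs as used in this article.

```python
import re
# RFC 3580 reply attributes for RADIUS VLAN assignment (name or numeric value).
REQUIRED = {"Tunnel-Type": {"VLAN", "13"}, "Tunnel-Medium-Type": {"IEEE-802", "6"}}
VLAN_ATTR = "Tunnel-Private-Group-Id"

# Constructed sample in FreeRADIUS "users" syntax; names, passwords, VLANs are made up.
SAMPLE_USERS = '''\
# Complete entry: user is placed in VLAN 2 after authentication.
alice  Cleartext-Password := "alice-pass"
       Tunnel-Type = VLAN,
       Tunnel-Medium-Type = IEEE-802,
       Tunnel-Private-Group-Id = "2"

# Incomplete entry: no medium type, and 4095 is not an assignable VLAN ID.
bob    Cleartext-Password := "bob-pass"
       Tunnel-Type = VLAN,
       Tunnel-Private-Group-Id = "4095"
'''

def parse_users(text):
    """Return {user: {reply_attribute: value}} for each entry in the text."""
    users, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if not raw[0].isspace():              # unindented line starts an entry
            current = raw.split()[0]
            users[current] = {}
        elif current is not None:             # indented line is a reply item
            m = re.match(r'\s*([\w-]+)\s*[:+]?=\s*"?([^",]*)"?,?\s*$', raw)
            if m:
                users[current][m.group(1)] = m.group(2).strip()
    return users

def audit(text):
    """Return {user: [problems]}; an empty list means the entry is complete."""
    report = {}
    for user, attrs in parse_users(text).items():
        problems = [f"{name}: expected one of {sorted(ok)}, got {attrs.get(name)!r}"
                    for name, ok in REQUIRED.items() if attrs.get(name) not in ok]
        vlan = attrs.get(VLAN_ATTR, "")
        if not (vlan.isdecimal() and 1 <= int(vlan) <= 4094):
            problems.append(f"{VLAN_ATTR}: expected a VLAN ID 1-4094, got {vlan!r}")
        report[user] = problems
    return report

if __name__ == "__main__":
    for user, problems in audit(SAMPLE_USERS).items():
        print(user, "OK" if not problems else problems)
```

To check a real file, pass its contents to audit() instead of SAMPLE_USERS; FreeRADIUS must be restarted or reloaded before edits to the users file take effect.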
Go to Tools > Terminal and select Device Type as Switch. Choose the switch that has 802.1X authentication enabled under Sources, and then click Open Terminal. In the Terminal interface of the switch, enter the command show dot1x auth-state. You will be able to see that port 1/0/1 has been successfully authenticated, and the client has been assigned to VLAN 2.
You can use VLAN Assignment and 802.1X to enhance your network security.
To get to know more details of each function and configuration, please go to the Download Center to download the manual of your product.