How to configure 802.1X VLAN Assignment on Omada Controller

TL-SG2008P , TL-SG3452X , SG3452XMPP , SG5452XMPP , TL-SG2218P , TL-SG3452XP , TL-SG2016P , SG2210XMP-M2 , SG3428XPP-M2 , SG3428XMPP , TL-SG2210P , SG2210MP , TL-SX3008F , TL-SX3016F , SG2218 , SG3428 , TL-SG3452P , TL-SG3428X , SG3218XP-M2 , TL-SG3428X-M2 , SG3210X-M2 , TL-SG3428XF , TL-SG2210MP , SG3428X-M2 , SG3210 , SG3452 , TL-SG3428XPP-M2 , SX3032F , SG3452X , SG3210XHP-M2 , TL-SG3210XHP-M2 , SG2008 , TL-SG2428P , SG3428XF , TL-SG2452 , TL-SG2210 , SG2005P-PD , SG2428LP , SX3008F , SG3428MP , SG3428X , SG3452P , SX3016F , TL-SG3428X-UPS , SX6632YF , SG2218P , SG2428P , SG2008P , SG3452XP , SG2452LP , TL-SG3428 , TL-SG2218 , SG2210P , SG5452X , TL-SG2438XF , SG2016P , TL-SG3428MP , TL-SG2008 , TL-SG3210 , TL-SG3452 , TL-SX3206HPP , SG3428XMP , TL-SG3428XMP , SX3206HPP
Recent updates may have expanded access to feature(s) discussed in this FAQ. Visit your product's support page, select the correct hardware version for your device, and check either the Datasheet or the firmware section for the latest improvements added to your product. Please note that product availability varies by region, and certain models may not be available in your region.
Contents
Configuring Access Authentication with Omada Built-in RADIUS
Configuring Access Authentication with FreeRadius
This article describes how to configure 802.1X VLAN Assignment authentication using Omada's Built-in RADIUS and external FreeRadius, respectively.
- Omada Smart/ L2+/L3 series switches
- Omada Controller (Software Controller / Hardware Controller / Cloud-Based Controller, v5.9 and above)
802.1X is a network authentication protocol used to authenticate users or devices connecting to the network. VLAN Assignment is a method of grouping network devices by assigning them to different VLANs. This allows for network traffic isolation and improved security. These two technologies are often used together to achieve stricter network access control. The following figure shows a typical topology of a combination of 802.1X and VLAN Assignment technologies.
Configuring Access Authentication with Omada Built-in RADIUS
Step 1. Go to Settings > Server Settings in the Global view and enable Built-in RADIUS, then enter the corresponding parameters and Enable Tunneled Reply. Here IP Address refers to the IP address of the Controller.
Step 2. Switch to the target site, go to Settings > Profile > RADIUS Profile, and click Edit.
Click Add New RADIUS User
Select User Authentication for Authentication Type, enter Name, Password, VLAN ID and other parameters, and click Apply to save the configuration.
Step 3. Go to Settings > Authentication > 802.1X, and enable 802.1X. For RADIUS Profile, select Built-in Radius Profile, and then enable VLAN Assignment. Select the ports that require 802.1X authentication, and click Save.
Configuring Access Authentication with FreeRadius
Step 1. Edit the "users" file in the FreeRadius server. Add the user, password and corresponding VLAN ID in the blank space using the vi /etc/freeradius/3.0/users command, as shown below.
Step 2. Go to Settings > Profiles > RADIUS Profile and click Create New RADIUS Profile.
Enter the RADIUS Profile's Name, Authentication Server IP, Authentication Port, and Authentication Password, and then click Save.
Step 3. Go to Settings > Authentication > 802.1X and enable 802.1X. Select the external RADIUS Server created in Step 2 for RADIUS Profile, and then enable VLAN Assignment. Finally, select the ports that require authentication for internet access, and click Save.
Go to Tools > Terminal and select Device Type as Switch. Choose the switch that has 802.1X authentication enabled under Sources, and then click Open Terminal. In the Terminal interface of the switch, enter the command show dot1x auth-state. You will be able to see that port 1/0/1 has been successfully authenticated, and the client has been assigned to VLAN 2.
You can use VLAN Assignment and 802.1X to enhance your network security.
Get to know more details of each function and configuration please go to Download Center to download the manual of your product.
Related FAQs
¿Es útil esta pregunta frecuente?
Sus comentarios nos ayudan a mejorar este sitio.
What’s your concern with this article?
- Dissatisfied with product
- Too Complicated
- Confusing Title
- Does not apply to me
- Too Vague
- Other
Gracias
Agradecemos sus comentarios.
Haga clic aquí para comunicarse con el soporte técnico de TP-Link.
Este sitio web utiliza cookies para mejorar la navegación en el sitio web, analizar las actividades en línea y tener la mejor experiencia de usuario posible en nuestro sitio web. Puedes oponerte al uso de cookies en cualquier momento. Puede encontrar más información en nuestra política de privacidad . No volver a mostrar
Your Privacy Choices
Este sitio web utiliza cookies para mejorar la navegación en el sitio web, analizar las actividades en línea y tener la mejor experiencia de usuario posible en nuestro sitio web. Puedes oponerte al uso de cookies en cualquier momento. Puede encontrar más información en nuestra política de privacidad . No volver a mostrar
Basic Cookies
These cookies are necessary for the website to function and cannot be deactivated in your systems.
TP-Link
SESSION, JSESSIONID, accepted_local_switcher, tp_privacy_banner, tp_privacy_base, tp_privacy_marketing, tp_top-banner, tp_popup-bottom, tp_popup-center, tp_popup-right-middle, tp_popup-right-bottom, tp_productCategoryType
Youtube
id, VISITOR_INFO1_LIVE, LOGIN_INFO, SIDCC, SAPISID, APISID, SSID, SID, YSC, __Secure-1PSID, __Secure-1PAPISID, __Secure-1PSIDCC, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, 1P_JAR, AEC, NID, OTZ
Zendesk
OptanonConsent, __cf_bm, __cfruid, _cfuvid, _help_center_session, _pendo___sg__.<container-id>, _pendo_meta.<container-id>, _pendo_visitorId.<container-id>, _zendesk_authenticated, _zendesk_cookie, _zendesk_session, _zendesk_shared_session, ajs_anonymous_id, cf_clearance
Analysis and Marketing Cookies
Analysis cookies enable us to analyze your activities on our website in order to improve and adapt the functionality of our website.
The marketing cookies can be set through our website by our advertising partners in order to create a profile of your interests and to show you relevant advertisements on other websites.
Google Analytics & Google Tag Manager
_gid, _ga_<container-id>, _ga, _gat_gtag_<container-id>
Google Ads & DoubleClick
test_cookie, _gcl_au