How to configure 802.1X VLAN Assignment on Omada Controller

Configuration Guide
Updated 08-05-2024 08:29:42 AM Number of views for this article34981
This Article Applies to:

Contents

Objective

Requirements

Introduction

Configuration

Configuring Access Authentication with Omada Built-in RADIUS

Configuring Access Authentication with FreeRadius

Verification

Conclusion

Objective

This article describes how to configure 802.1X VLAN Assignment authentication using Omada's Built-in RADIUS and external FreeRadius, respectively.

Requirements

  • Omada Smart/ L2+/L3 series switches
  • Omada Controller (Software Controller / Hardware Controller / Cloud-Based Controller, v5.9 and above)

Introduction

802.1X is a network authentication protocol used to authenticate users or devices connecting to the network. VLAN Assignment is a method of grouping network devices by assigning them to different VLANs. This allows for network traffic isolation and improved security. These two technologies are often used together to achieve stricter network access control. The following figure shows a typical topology of a combination of 802.1X and VLAN Assignment technologies.

Configuration

Configuring Access Authentication with Omada Built-in RADIUS

Step 1. Go to Settings > Server Settings in the Global view and enable Built-in RADIUS, then enter the corresponding parameters and Enable Tunneled Reply. Here IP Address refers to the IP address of the Controller.

Step 2. Switch to the target site, go to Settings > Profile > RADIUS Profile, and click Edit.

Click Add New RADIUS User

Select User Authentication for Authentication Type, enter Name, Password, VLAN ID and other parameters, and click Apply to save the configuration.

Step 3. Go to Settings > Authentication > 802.1X, and enable 802.1X. For RADIUS Profile, select Built-in Radius Profile, and then enable VLAN Assignment. Select the ports that require 802.1X authentication, and click Save.

Configuring Access Authentication with FreeRadius

Step 1. Edit the "users" file in the FreeRadius server. Add the user, password and corresponding VLAN ID in the blank space using the vi /etc/freeradius/3.0/users command, as shown below.

Step 2. Go to Settings > Profiles > RADIUS Profile and click Create New RADIUS Profile.

Enter the RADIUS Profile's Name, Authentication Server IP, Authentication Port, and Authentication Password, and then click Save.

Step 3. Go to Settings > Authentication > 802.1X and enable 802.1X. Select the external RADIUS Server created in Step 2 for RADIUS Profile, and then enable VLAN Assignment. Finally, select the ports that require authentication for internet access, and click Save.

Verification

Go to Tools > Terminal and select Device Type as Switch. Choose the switch that has 802.1X authentication enabled under Sources, and then click Open Terminal. In the Terminal interface of the switch, enter the command show dot1x auth-state. You will be able to see that port 1/0/1 has been successfully authenticated, and the client has been assigned to VLAN 2.

Conclusion

You can use VLAN Assignment and 802.1X to enhance your network security.

Get to know more details of each function and configuration please go to Download Center to download the manual of your product.

Is this faq useful?

Your feedback helps improve this site.

Recommend Products

Community

TP-Link Community

Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.

Visit the Community >