WPA2 Enterprise RADIUS question


#1

Firmware 7.1.1 on a Surf SOHO.

When using WPA2 Enterprise for an SSID, the web UI has a NAS-Identifier field that is not documented in the Firmware v7 manual from Jan. 2017 (which seems to be the latest edition of the manual). What is it?

As shown in this image, the possible values are LAN MAC Address, Device Serial Number and Custom Value. My experience has been that the option for LAN MAC Address worked fine with the RADIUS server in my LAN-resident Synology NAS box.


#2

Interestingly, this field does not appear when configuring the router to use RADIUS to validate userids for the router itself (System tab -> Authentication by RADIUS checkbox)


#3

Hello. Anyone home?


#4

@Michael234

:sweat_smile::sweat_smile::sweat_smile:

This is the new feature (NAS Identifier) implemented for Wireless LAN Controller (WLC) firmware version 7 and above that yet to be documented. I will relay the message to the correct team to include that.

In general, NAS Identifier is just an extra information included in the radius request that can be use by the radius server to identify the request is send from which devices or locations or policy control base base on the custom value. If radius server doesn’t enforce NAS Identifier, basically this will be ignored by radius server upon the request received.

For WebAdmin Radius Authentication, we are not implementing base on NAS Identifier and it’s implemented base on the Radios Attributes. Details information please refer to the forum link below (Step 10 - 14).


#5

Thank you.


#7

In this same scenario. Does Peplink support dynamic VLANs? Vlans associated through the Radius server?
Thank you


#8

I’ve used “custom value” as well with no issues, very handy if you have multiple Peplink devices and dont want to keep adding devices each time and want a common identifier for these devices.

On the RADIUS server I had a subnet allocated for Peplink devices and a common NAS ID name, so the devices have to be in the right subnet and have the custom NAS ID for the RADIUS server to talk to them, have this working authenticating WiFi users back to Active Directory (NPS)


#9

Hi cgreen

The idea is:

I would like to set up a “Corporate” SSID with WPA2-AES encryption by authenticating through a Radius server.
If the user is from the Sales department the Radius server will define the VLAN 10
If the user is from the IT department the Radius server will define the VLAN 20

Thanks.


#10

@Mr.Ed

This is supported.

You only need to enable WPA2 Enterprise for the “Corporate” SSID and make sure the default VLAN is defined together with the Radius settings

image


#11

Hi guys,

I tried these configurations on a 802.1x environment without success.
The Peplink appliance do not allocates dinamics VLANS.
Any thoughts?


#12

What is that a screen shot of?
What Peplink device are you using?
What firmware level is it?
You need to provide more information.


#13

Hi Michael234
The screen shot is from Aruba ClearPass.
Peplink Balance One.
The firmware version is 7.1.1.


#14

@Djean, a ticket has been opened for this. We will follow up with your team there.