1

I set up 802.1x on the wifi and now I want to configure dynamic vlan. Only problem: the AP (TP-Link Archer C7 v2 w/stock firmware) doesn't support vlans. Let me be a bit more visual: a network diagram. The important part here is: client -> wireless router -> layer 3 switch -> RADIUS.

In the web-config of the wireless router (AP) I set it to wpa-enterprise and set the radius server. The network settings like DHCP are controlled by the L3 switch. This works.

Now I want to use dynamic VLANs (freeRadius logic, AD groups). My switch understands VLANs, but my AP doesn't. How do I pass VLAN ID to the switch?

So the AP is talking to RADIUS, RADIUS responds to AP; this passes through the switch. The switch even provides an IP for the client, but it is unaware of the VSA provided by the RADIUS server.

How can I make this work?

Jeff Burns
  • 740
  • 1
  • 7
  • 12
Frank Vermeulen
  • 75
  • 2
  • 8

1 Answers1

4

If the AP won't do vlans, you'll need a different AP. End of story. You must have an AP that supports vlan assignment via radius, and since your current AP does not support them, you're out of luck until you replace it.

Engenius and Ubiquiti both have some nice, low-cost (just over $100) APs that can do what you're asking. I've also used APs from Zebra (their express models would be adequate for this) that I really liked, but that costs a bit more.

That said, I'm skeptical that your current AP doesn't support vlans. A quick google search shows others have been able to use vlans with this model. Specifically, the link below indicates someone else was able to get this working via OpenWrt on an AP that is effectively the same internal hardware with just a different brand name slapped on it:

https://forum.openwrt.org/viewtopic.php?id=60452

It didn't seem like it was at all a simple thing to do, though.

Joel Coel
  • 12,910
  • 13
  • 61
  • 99
  • Thx Joel. I'm having a look at openwrt. Do you know if that might work? It supports vlans, but I think they are only meant for separating different ssids. Not sure though.. – Frank Vermeulen Mar 09 '16 at 17:59
  • See my updated answer. – Joel Coel Mar 09 '16 at 18:01
  • @FrankVermeulen - I have the same router/ap and using it solely as an AP with OpenWRT on it and it does support VLAN's with OpenWRT installed. (I've not attempted what you are though). Installing OpenWRT wasn't that difficult - BUT as a heads up - you do have to install the kmod-ath10k package manually after installing the official 15.05 build for 802.11a to work. Its not included in the default builds yet. – Jeff Burns Mar 09 '16 at 20:19
  • @jeff Thanks for the heads up. That will save me quite a few headaches tomorrow. I do hope you mean .11ac :) ? – Frank Vermeulen Mar 09 '16 at 20:28
  • @FrankVermeulen Yes indeed -802.11ac :). – Jeff Burns Mar 09 '16 at 20:55