UniFi native RADIUS auth issue over WiFi

CntrlAltDel

Occasional Visitor
Hi there,

I'm having an issue authing to one of my SSIDs that is using WPA2-Enterprise with the native UniFi RADIUS configured on the default ports 1813/1814.
I have another SSID that is just authing with a WPA2-PSK which just works fine.

Network looks like this:
Management VLAN 1
10.86.10.0/25
UCG Max - 10.86.10.1
USW - 10.86.10.2
AP1 - 10.86.10.3 (Native VLAN = Management VLAN and all VLANs associated with SSIDs are set as Tagged VLANs)

Users-Wireless VLAN 30 / 10.86.30.0/25 (THIS ONE WORKS)
SSID#1 (WPA2-PSK/Non-RADIUS)

BYOD-Wireless VLAN 35 / 10.86.35.0/25 (THIS ONE DOESN'T)
SSID#2 (WPA-Enterprise/With-RADIUS)

And for the local account (RADIUS credentials) I have it set to VLAN ID: 35, Tunnel Type: 13 (VLANs) & Tunnel Medium Type: 802.

There is no log event for when connecting fails. It just fails on the device, tried with MacBook *2 and iPhone. Exact same issue.

Hoping someone can provide some deeper insight.
 
Is your AP a UniFi device as well or something else? Your network setup description suggests something else. If you followed this document exactly when setting up the RADIUS server - focus on the AP. True BYOD won't work since the server needs to authenticate the credentials, but perhaps you already know and BYOD in the SSID name means something else.
 
Is your AP a UniFi device as well or something else? Your network setup description suggests something else.
All APs are UniFi UAP-NanoHDs.

If you followed this document exactly when setting up the RADIUS server - focus on the AP.
Yes, in fact RADIUS auth worked before. It's just now that I've split SSIDs into separate VLANs that there's an issue. There are no firewall-related blocks. Nothing happens when I try to auth from a client device, even an event isn't logged.

True BYOD won't work since the server needs to authenticate the credentials, but perhaps you already know and BYOD in the SSID name means something else.
Yes, I just named it this way as an example scenario to explain my point.
 
Are both wireless networks in the same Firewall Zone? I would attempt setting up the server again after the VLAN/SSID change. This will re-create the necessary access rules. Zone Matrix looks like an easy representation of what's happening, but some things are hard to spot.
 
Are both wireless networks in the same firewall zone? I would attempt setting up the server again after the SSID change.

No, they're not.
Management VLAN 1 = APs themselves
BYOD-Wireless VLAN 35 = VLAN associated with SSID (This one auths WPA2-Enterprise -> RADIUS and fails)
Users-Wireless VLAN 30 = VLAN associated with SSID (This one auths WPA2-PSK successfully)

All the VLANs associated with the SSIDs are tagged on the eth port on the switch connecting to the APs, where they themselves (APs) are using native Management VLAN (1).

Honestly if there were some form of logging that could account for this, I would've been able to determine exactly where the issue is immediately.
But the logging isn't all that great when it comes to the RADIUS server interactions.
This issue had to even get escalated twice through UniFi support.
 