WAP54GP - VLAN + RADIUS = Busted

Discussion in 'Networking Issues' started by mark78, Dec 22, 2006.

  1. mark78

    mark78 LI Guru Member

    So we get in some WAP54GP this week, I was excited to get them set up...

    After 2 days I've come to this conclusion - the firmware's broken.

    After failing to make my config work with 2 VLANs I decided to dumb it down and work with only the main SSID and a single VLAN.

    RADIUS enabled + VLANs disabled = Client works fine
    RADIUS disabled + VLAN enabled = Client works fine
    RADIUS enabled + VLAN enabled = Client fails to connect.

    ALL I changed was enable the VLAN on the SSID and same VLAN on management. You may think this is an easy fix, the AP can't hit the RADIUS server... no, that's not it. From the RADIUS server I can ping and even manage the AP.

    So I throw a sniffer in front of the AP on a mirrored port. With RADIUS enabled and VLANs disabled, it works fine, and I see my RADIUS packets back and forth. I reset the test, enable the VLAN, and as expected, the AP sends NOT A SINGLE RADIUS PACKET!@#!@# Argh...

    Anyone have any ideas? I've found some other threads over the last 6 months that indicate other people have run into this as well. Open to suggestions before we return the APs.

    edit - The firmware is the latest, 1.28 I believe... Upgrading the firmware is the first thing I did. I wanted to revert back to OEM firmware but can't apparently, and I'm not gonna open up a new AP just to test old firmware...
  2. Toxic

    Toxic Administrator Staff Member

    This sounds like it is doing what it is meant to do. If the RADIUS server is not on the particular VLAN in question then no data will be sent to it. Are you able to ping the IP addresses on the VLAN from the RADIUS server?
  3. mark78

    mark78 LI Guru Member

    The RADIUS server is on the same tagged VLAN as the rest of the network.

    With both VLAN and RADIUS on the AP enabled, I see the AP ARP for the IP of my RADIUS server. The RADIUS server itself replies to the ARP. Then nothing but more STP packets. The AP never sends a RADIUS packet.

    At the same time, I am able to log on to my RADIUS server (IAS) to ping and manage the AP successfully on the same layer 2, so clearly it is accepting packets from my RADIUS server.

    I go to the RADIUS config, and disable VLAN tagging. I log on to my Dell switch and change the port from Tagged to Untagged.

    Magically RADIUS starts to work.

    If I put the VLAN back, and take out the RADIUS settings and go WPA, the client connects and can get anywhere it wants, but so far they refuse to work together.
  4. mark78

    mark78 LI Guru Member

    Ok, it's not busted... I have the fix

    Get a new access point :)

    Thank you for contacting Linksys Customer Support.

    I am sorry to inform you but the problem regarding "device will not work when both VLAN and WPA/WPA2 Enterprise is enabled" is a product limitation. WPA/WPA2 Enterprise will only work if VLAN Trunk is disabled. Sorry for the inconvenience and thank you for your time and patience and have a great day.
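
The mirrored-port check described in the thread (ARP for the RADIUS server is answered, then only STP and no RADIUS) can be automated over raw Ethernet frames. The following is an added example, not part of the original posts; the MAC addresses, VLAN ID 10 and sample frames are constructed, and the port set assumes the standard RADIUS ports plus the legacy 1645/1646 pair.

```python
import struct
from collections import Counter

RADIUS_PORTS = {1812, 1813, 1645, 1646}  # auth/accounting, plus legacy ports

def classify(frame: bytes):
    """Return (vlan_id_or_None, kind) for one raw Ethernet frame."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, off = None, 14
    if ethertype == 0x8100:                      # 802.1Q tag present
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18             # low 12 bits of TCI = VLAN ID
    if ethertype <= 1500:                        # 802.3 length field, LLC follows
        return vlan, "stp" if frame[off:off + 2] == b"\x42\x42" else "other"
    if ethertype == 0x0806:
        return vlan, "arp"
    if ethertype == 0x0800 and len(frame) >= off + 20:
        ihl = (frame[off] & 0x0F) * 4            # IPv4 header length in bytes
        if frame[off + 9] == 17 and len(frame) >= off + ihl + 4:   # UDP
            ports = struct.unpack("!HH", frame[off + ihl:off + ihl + 4])
            if RADIUS_PORTS & set(ports):
                return vlan, "radius"
        return vlan, "ip"
    return vlan, "other"

def summarize(frames):
    """Count frames per (vlan, kind) pair."""
    return Counter(classify(f) for f in frames)

def arp_without_radius(frames):
    """True when ARP was seen but no RADIUS datagram at all (the failing case)."""
    kinds = {kind for _, kind in summarize(frames)}
    return "arp" in kinds and "radius" not in kinds

# --- constructed sample frames (hypothetical, not from a real capture) ---
AP, SRV = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")

def eth(dst, src, vlan, ethertype, payload):
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", ethertype) + payload
def udp_ip(sport, dport):
    ip = bytes([0x45, 0]) + struct.pack("!H", 28) + bytes(5) + bytes([17]) + bytes(10)
    return ip + struct.pack("!HHHH", sport, dport, 8, 0)

ARP = bytes(28)
STP = eth(bytes.fromhex("0180c2000000"), AP, None, 38, b"\x42\x42\x03" + bytes(35))
FAILING = [eth(b"\xff" * 6, AP, 10, 0x0806, ARP), eth(AP, SRV, 10, 0x0806, ARP), STP, STP]
WORKING = [eth(b"\xff" * 6, AP, None, 0x0806, ARP), eth(AP, SRV, None, 0x0806, ARP),
           eth(SRV, AP, None, 0x0800, udp_ip(1024, 1812)), eth(AP, SRV, None, 0x0800, udp_ip(1812, 1024))]
print(arp_without_radius(FAILING), arp_without_radius(WORKING))
```

Grouping the counts by VLAN ID shows at a glance whether RADIUS is absent entirely or is leaving the AP tagged or untagged differently from what the switch port expects.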