1

I set up 802.1x on the wifi and now I want to configure dynamic vlan. Only problem: the AP (TP-Link Archer C7 v2 w/stock firmware) doesn't support vlans. Let me be a bit more visual: a network diagram. The important part here is: client -> wireless router -> layer 3 switch -> RADIUS.

In the web-config of the wireless router (AP) I set it to wpa-enterprise and set the radius server. The network settings like DHCP are controlled by the L3 switch. This works.

Now I want to use dynamic VLANs (freeRadius logic, AD groups). My switch understands VLANs, but my AP doesn't. How do I pass VLAN ID to the switch?

So the AP is talking to RADIUS, RADIUS responds to AP; this passes through the switch. The switch even provides an IP for the client, but it is unaware of the VSA provided by the RADIUS server.

How can I make this work?

Jeff Burns
  • 768
  • 1
  • 7
  • 12
Frank Vermeulen
  • 167

1 Answers1

4

If the AP won't do vlans, you'll need a different AP. End of story. You must have an AP that supports vlan assignment via radius, and since your current AP does not support them, you're out of luck until you replace it.

Engenius and Ubiquiti both have some nice, low-cost (just over $100) APs that can do what you're asking. I've also used APs from Zebra (their express models would be adequate for this) that I really liked, but that costs a bit more.

That said, I'm skeptical that your current AP doesn't support vlans. A quick google search shows others have been able to use vlans with this model. Specifically, the link below indicates someone else was able to get this working via OpenWrt on an AP that is effectively the same internal hardware with just a different brand name slapped on it:

https://forum.openwrt.org/viewtopic.php?id=60452

It didn't seem like it was at all a simple thing to do, though.

Joel Coel
  • 13,117