Talkabout  Freshman Member

Comments

  • Hi @RichardHan , unfortunately, today the issue ocurred again with an iPhone. My wife was having an Internet call going on while she was moving from one room to the other. Suddenly Connection dropped and it took some time until it was back again. This is often the indication that the DHCP Server is delivering an IP in a…
  • Hi @RichardHan , I am not able to reply to your mail as it gets blocked by your issue tracking system. So I am answering here: please let’s not close the ticket too fast. I would like to test a few days if the issue won’t occur any more, because I had the case already that for 2-3 days there was no wrong behavior and then…
  • Hi @RichardHan , I might have some important Information. Yesterday I have disabled the „Reauthentication interval“ in my security configuration and now I am not able to reproduce the issue any more. The reason why I disabled it was one of our MAC Clients (MacOS) where the reauthentication did not work (authentication…
  • Hi @RichardHan , in the ticket it might be important to mention that the last step (roaming from ap2 to ap1) does NOT execute the RADIUS authentication again. In my opinion this is the reason why the VLAN assignment does not work. Who is taking care of checking/fixing the issue now? Is it still you working on it? If so,…
  • Hi @RichardHan , I have now captured the RADIUS packets. I have done the following steps to reproduce the issue: disable WIFI on mobile (Android) activate WIFI on mobile at 1st floor. RADIUS response: Sent Access-Accept Id 162 from 192.168.XX.XX:1812 to 192.168.XX.4:53042 length 0 Thu Dec 12 17:39:06 2019 : Debug: (11)…
  • Hi @RichardHan , I am so happy that finally somebody is taking care... thanks a lot! here are the answers to your questions: I am not using any controller, the APs are directly accessing the RADIUS server I am not sure how to enable 802.11r. The only thing I have found is "802.11r assissted roaming" which is in beta state.…
  • HI all, today I did some more testing and am now able to reproduce the issue. ap1 => 1st floor, default vlan = 100 ap2 => 2nd floor, default vlan = 100 VLAN1 => private Wifi VLAN100 => guest Wifi Mobile device logs into ap1 with LDAP credentials via RADIUS => receives vlan 1 via radius response and an ip address in the…
  • Hi all, today again, various devices have been assigned an IP from the guest net although the RADIUS authentication provided a different one. Is there really nobody who could help here...??? Bye
  • Hi all, unfortunately the issue occured again... I am not able to figure out the cause of it... I added a trace into my Radius implementation and there is no entry when the guest vlan is assigned. Somehow the client receives a new ip WITHOUT being authorized by RADIUS, how can this work? Also the AP log (debug) does not…
  • Hi @Zyxel_KathyLin , currently it seems that the problematic behavior is somehow related to changes done to the WIFI settings on the ap during existing connections of clients. I am still validating this, but here is what I think happens: clients connect to ap clients execute radius authentication process and receive vlan…
  • Hi all, I can confirm that changing the standard VLAN id for the SSID makes the devices getting an IP address in the corresponding range, so this setting is directly related. Still I am not able to reproduce the behavior consistently, only after waiting a few hours without touching the mobile device and then waking it up…
  • Hi Panda, the model is "Samsung Galaxy A5 (2016)". Bye
  • Hi Panda, this is not about logging in many users via LDAP but simply to keep the user configuration at one place (Active Directory). Having local users makes it difficult to maintain user credentials when somebody decides to change password. Also locking users is way simpler when you only have one directory where you need…
  • Hi IKLe, I prefer the standard configuration mode as I do not want to rely on cloud services here. Also I think a deep integration into your own infrastructure can be done more secure that way. The only thing currently missing is the user management based on LDAP/RADIUS. Bye
Avatar