I am a little confused with how to set this up. I have a Smoothwall box doing filtering and dishing out DHCP leases on VLAN 30. I have setup a VLAN SSID on 30 which works fine. Now I want to use Radius before they get on the WIFI.
My main IP range is 192.168.100.*
My VLAN 30 is 192.168.30.*
My Controller is 192.168.100.180 and has the VLAN 30 set on its port
The AP which the PC attaches to has the VLAN 30 set
When I try and connect I get a 'additional logon is required message' on my Windows laptop but it does not redirect to the logon page. If it disconnect and reconnect I don't even get the logon message. A tablet didn't even come up with that message.
I am confused.
Do I need intervlan routing setup? Be easier if the controller would have addition IPs allowed.
Think of the ZoneDirector as a WLAN management appliance hanging off your
network. We do assume that you have routing/switching in place for VLANs and
a DHCP server servicing each. Your WLANs that specify a VLAN, will tag the
authenticated clients packet with that VLAN-ID, so from the AP directly or the
ZD (if tunneling your WLAN), the client DHCP discovers should be seen and
answered by the DHCP server on VLAN 30.
If you take off the 802.1x/RADIUS authentication, using just Open Auth for a test,
do clients connect right away, and get a VLAN 30 subnet IP address ok? If yes,
that is a good start.
Which type of EAP you employ for 802.1x/RADIUS will determine what your client
needs, either a certificate (EAP-TLS), or username/password (EAP-PEAP, with or
without a client side cert). It sounds like you wish to use PEAP. A Windows PC
should pop-up a login balloon, requesting username/password. You ought to be
able to configure the Properties of your wireless Profile, to get this first-time login
prompt. Say not to use PC credentials.
Due to 802.1x complexity, please open a ticket with tech support if you need
further troubleshooting assistance.