Firmware 10.0r9a (AP250) RADIUS VLAN attribute not applying

Pete
New Contributor

We've been using the RADIUS attribute to set wireless client VLANs on Aerohive AP250s for 18 months on a campus with 180+ AP250s. Everything has been stable and working, and we have not seen any issues with the client VLAN assignment since it was set up.

After upgrading 18 APs located in one building to 10.0.9.1 (10.0r9a), WiFi clients are now appearing on the AP management VLAN and not the one that should be assigned by attribute. It only affects the SSID using 802.1X RADIUS; clients of the SSID using a PSK aren't affected.

I tried a PoE cycle of the affected APs but continued to see clients appearing on the management VLAN.

Since the APs that hadn’t been upgraded continued to work correctly, I downgraded back to 10.0.8.1 (10.0r8a) and they are now all working, with wireless clients being assigned to the correct VLAN set by the RADIUS tunnel-pvt-group attribute.

Has something changed with the way this feature works, or is there an issue with 10.0r9a firmware?

2 REPLIES

Pete
New Contributor

Hi Sam

Thanks for your reply.

I’ll set some time aside and pick this up next week.

 

SamPirok
Community Manager

That sounds like an issue with the new firmware version to me, but we would need to open a support case so we can collect logs to be sure. Would you be able to please open a support case? I would recommend attaching the following data to the case:

  • Management VLAN ID
  • Customer VLAN ID
  • Tech data from an AP while running 10.0r8a 
  • Tech data from the same AP after it’s running 10.0r9a

Also if you’re feeling really ambitious, you might want to upgrade to 10.0r9a, enable the auth debugs described in the article below, attempt to connect with a client device, wait for the client device to fully connect and get the wrong VLAN ID, then pull tech data and attach that data to the case along with the MAC address of the client device you used to test with. That should give us more information on why the client was assigned to the VLAN it was given. 

 

Auth debugs: https://extremeportal.force.com/ExtrArticleDetail?n=000046451&q=Auth%20debugs

 

Hope that helps!
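
Added example, not part of the thread and not Aerohive or Extreme code: a small parser that checks whether a captured RADIUS Access-Accept payload carries the three attributes used for VLAN assignment (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID), which separates "the server stopped sending the VLAN" from "the AP ignored it". The function names and sample packets, including VLAN "30" and the user name, are constructed for illustration.

```python
import struct

ACCESS_ACCEPT = 2
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81  # RFC 2868
WANT = {TUNNEL_TYPE: 13, TUNNEL_MEDIUM_TYPE: 6}  # 13 = VLAN, 6 = IEEE-802 (RFC 3580)

def parse_attributes(packet: bytes):
    """Return (code, [(attr_type, value_bytes), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match the packet")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError(f"malformed attribute at offset {pos}")
        alen = packet[pos + 1]
        attrs.append((packet[pos], packet[pos + 2:pos + alen]))
        pos += alen
    return code, attrs

def vlan_assignment(packet: bytes):
    """Return (vlan_id or None, problems) for what the server asked the AP to do."""
    code, attrs = parse_attributes(packet)
    if code != ACCESS_ACCEPT:
        return None, [f"not an Access-Accept (code {code})"]
    found = {}
    for atype, value in attrs:
        if atype in WANT and len(value) == 4:
            found[atype] = int.from_bytes(value[1:], "big")  # byte 0 is the tag
        elif atype == TUNNEL_PRIVATE_GROUP_ID and value:
            if value[0] <= 0x1F:  # optional tag byte precedes the string
                value = value[1:]
            found[atype] = value.decode("ascii", "replace")
    problems = [f"attribute {t} is {found.get(t)}, expected {v}"
                for t, v in WANT.items() if found.get(t) != v]
    if not found.get(TUNNEL_PRIVATE_GROUP_ID):
        problems.append("Tunnel-Private-Group-ID missing or empty")
    return found.get(TUNNEL_PRIVATE_GROUP_ID), problems

# Constructed sample packets (VLAN "30" is made up; authenticator is zeroed and not verified).
def _attr(atype: int, value: bytes) -> bytes:
    return bytes([atype, len(value) + 2]) + value
def _accept(attrs: bytes) -> bytes:
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs)) + bytes(16) + attrs

GOOD = _accept(_attr(64, b"\x00\x00\x00\x0d") + _attr(65, b"\x00\x00\x00\x06") + _attr(81, b"30"))
NO_VLAN = _accept(_attr(1, b"user1"))  # Access-Accept carrying only User-Name
```

Feed `vlan_assignment()` the UDP payload of an Access-Accept taken from a capture between the AP and the RADIUS server; an empty problem list with the expected VLAN ID means the server side is unchanged.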
