I have a dynamic VLAN setup as described in Introduction to 802.1x, connecting with my MacBook. With the same wifi-iface on both radio0 and radio1, the 2.4 GHz radio gets connected, but the 5 GHz radio does not. When I have the 2.4 GHz enabled and the 5 GHz radio disabled, it connects to the correct VLAN and works right away, but when I do the reverse, the MacBook connects to WiFi, but then it does not communicate with the LAN, and eventually gives itself a 169.254 address.
config wifi-iface option device 'radio0' option mode 'ap' option ssid 'some said' option encryption 'wpa2' option server 'some address' option key 'some secret' option auth_cache '1' option dynamic_vlan '2' option vlan_tagged_interface 'eth0' option vlan_bridge 'br-vlan' option vlan_naming '0'
Unfortunately, I am using FreeRADIUS 3.0.12, and FreeRADIUS sort of sucks a lot. In my latest test, FreeRADIUS does not give any error messages. Previous tests would give messages like:
Tue Dec 20 00:46:05 2016 : Info: (5137) eap_peap: The users session was previously rejected: returning reject (again.) Tue Dec 20 00:46:05 2016 : Info: (5137) eap_peap: This means you need to read the PREVIOUS messages in the debug output Tue Dec 20 00:46:05 2016 : Info: (5137) eap_peap: to find out the reason why the user was rejected Tue Dec 20 00:46:05 2016 : Info: (5137) eap_peap: Look for "reject" or "fail". Those earlier messages will tell you Tue Dec 20 00:46:05 2016 : Info: (5137) eap_peap: what went wrong, and how to fix the problem
While the router’s log filled with fun messages like:
2016-12-26T02:47:23-08:00 info hostapd[]: wlan1: STA 60:03:08:xx:xx:xx IEEE 802.11: authenticated 2016-12-26T02:47:23-08:00 info hostapd[]: wlan1: STA 60:03:08:xx:xx:xx IEEE 802.11: associated (aid 1) 2016-12-26T02:47:23-08:00 info hostapd[]: wlan1: STA 60:03:08:xx:xx:xx IEEE 802.1X: authentication server did not include required VLAN ID in Access-Accept 2016-12-26T02:47:23-08:00 warning hostapd[]: wlan1: STA 60:03:08:xx:xx:xx IEEE 802.1X: authentication failed - EAP type: 25 (PEAP)
But in my latest test, FreeRADIUS doesn’t give any error messages, and the router’s log simply says:
2016-12-26T12:21:55-08:00 info hostapd[]: wlan0: STA 60:03:08:xx:xx:xx IEEE 802.11: authenticated 2016-12-26T12:21:55-08:00 info hostapd[]: wlan0: STA 60:03:08:xx:xx:xx IEEE 802.11: associated (aid 1)
In my previous tests, I was using hostapd, but in my latest test I also tried wpad, and that seems to work about as well as hostapd.