Authentik Radius authentification for Omada OC200 embedded in TP-Link Router ER7212PC

[samirdawaliby]

I am trying to integrate RADIUS authentication with my OC200 Omada controller, which is embedded inside an ER7212PC router. My Authentik instance is running on a VPS with a public IP. I am encountering issues with the RADIUS setup and need assistance in resolving them.

Configuration Details:
Authentik Identity Provider: Installed on a VPS with a public IP and a domain name URL (https;//authentik.caplogy.com).
I created a group and assigned a user to that group.
Router CIDR: 90.0.0.0/8 (public), 192.168.99.0/24 (local area network)
Omada Controller: OC200 embedded in ER7212PC router
RADIUS Provider Configuration: Followed the instructions from https://docs.goauthentik.io/docs/providers/radius/

I've seen another post related to this issue [https://github.com//issues/6243#issuecomment-1634050498] regarding routers requiring some extra attributes to actually work, which isn't provided by the current RADIUS outpost.

• Follow the Generic LDAP guide and make a 'radius-authentication-flow` if you don't want to do anything fancy
• Create a Radius Provider (see radius-provider screenshot), specifying the radius flow created. Take note of the shared key.
• Create a Application that uses the Provider
• Create a Radius Outpost and make sure the Provider is selected.

On the router side, i provide the RADIUS server IP as the IP of my Authentik VPS with port 1812 (see docker container ls screenshot), and i copied correctly the shared key that was provided as part of the Authentik Provider setup (see router-screenshot).

Please see attached the below screenshots of my configuration, can you please help me finding what am i doing wrong?

[BeryJu]

See #5328 (comment)