how to config cisco 3550 about 802.1x with vlan assignment

Discussion in 'Cisco' started by brent, Oct 15, 2003.

  1. brent

    brent Guest

    as title
    pls tell me. thx
    brent, Oct 15, 2003
    #1
    1. Advertising

  2. brent

    Dalgaard Guest

    Dalgaard, Oct 15, 2003
    #2
    1. Advertising

  3. brent

    jmarkotic Guest

    Configured it couple of days ago. Here is important stuff.

    aaa authentication dot1x default group radius none
    dot1x system-auth-control
    !
    interface FastEthernet0/3
    switchport mode access
    dot1x port-control auto
    dot1x guest-vlan 2
    spanning-tree portfast
    !
    radius-server host 192.168.0.151 auth-port 1812 acct-port 1813 key sifra

    On radius you define following attributes for user/or group:
    Tunnel-Type[64]=VLAN
    Tunnel-Medium-Type[65]=802
    Tunnel-Private-Group-Id[81]=name_of_vlan(not vlan id)

    and that's it.
    I had to download new IOS for 3550 to get it done properly.

    hth,
    jmarkotic



    "brent" <> wrote in message
    news:...
    > as title
    > pls tell me. thx
    jmarkotic, Oct 15, 2003
    #3
  4. "jmarkotic" <> wrote in message
    news:bmk8n4$57t$...
    > Configured it couple of days ago. Here is important stuff.
    >
    > aaa authentication dot1x default group radius none
    > dot1x system-auth-control
    > !
    > interface FastEthernet0/3
    > switchport mode access
    > dot1x port-control auto
    > dot1x guest-vlan 2
    > spanning-tree portfast
    > !
    > radius-server host 192.168.0.151 auth-port 1812 acct-port 1813 key sifra
    >
    > On radius you define following attributes for user/or group:
    > Tunnel-Type[64]=VLAN
    > Tunnel-Medium-Type[65]=802
    > Tunnel-Private-Group-Id[81]=name_of_vlan(not vlan id)
    >
    > and that's it.
    > I had to download new IOS for 3550 to get it done properly.
    >

    I read your reply with interest, as I have previously struggled with getting
    the 3550 send RADIUS queries to the RADIUS server. With the newest IOS this
    seems to be taken care of, and they have now implemented guest VLAN's on the
    3550 too. That is great, but I cannot quite figure out where on the RADIUS
    server to configure the attributes you give. In my case I use the Cisco ACS
    server but your reply may give me a clue anyway.

    Regards, Harald Haugan
    Harald Haugan, Oct 20, 2003
    #4
  5. brent

    jmarkotic Guest

    Go to "Interface Configuration", that go to "Radius IETF".
    Check atrributes that you want (64, 65, 81) for user and/or group.
    After that, those attributes will show under user/group IETF radius
    attributes.

    cheers,
    j

    "Harald Haugan" <> wrote in message
    news:3f9422b7$...
    >
    > "jmarkotic" <> wrote in message
    > news:bmk8n4$57t$...
    > > Configured it couple of days ago. Here is important stuff.
    > >
    > > aaa authentication dot1x default group radius none
    > > dot1x system-auth-control
    > > !
    > > interface FastEthernet0/3
    > > switchport mode access
    > > dot1x port-control auto
    > > dot1x guest-vlan 2
    > > spanning-tree portfast
    > > !
    > > radius-server host 192.168.0.151 auth-port 1812 acct-port 1813 key sifra
    > >
    > > On radius you define following attributes for user/or group:
    > > Tunnel-Type[64]=VLAN
    > > Tunnel-Medium-Type[65]=802
    > > Tunnel-Private-Group-Id[81]=name_of_vlan(not vlan id)
    > >
    > > and that's it.
    > > I had to download new IOS for 3550 to get it done properly.
    > >

    > I read your reply with interest, as I have previously struggled with

    getting
    > the 3550 send RADIUS queries to the RADIUS server. With the newest IOS

    this
    > seems to be taken care of, and they have now implemented guest VLAN's on

    the
    > 3550 too. That is great, but I cannot quite figure out where on the RADIUS
    > server to configure the attributes you give. In my case I use the Cisco

    ACS
    > server but your reply may give me a clue anyway.
    >
    > Regards, Harald Haugan
    >
    >
    jmarkotic, Oct 22, 2003
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Oli
    Replies:
    3
    Views:
    801
  2. Illusion
    Replies:
    3
    Views:
    5,113
    Andre Beck
    Nov 1, 2003
  3. S. Einarsson

    VLAN assignment on 2950

    S. Einarsson, Jan 31, 2005, in forum: Cisco
    Replies:
    5
    Views:
    6,780
    stansio83
    Apr 13, 2014
  4. Achim 'ahzf' Friedland

    AP1200 and vlan assignment via radius...

    Achim 'ahzf' Friedland, Feb 22, 2006, in forum: Cisco
    Replies:
    0
    Views:
    2,719
    Achim 'ahzf' Friedland
    Feb 22, 2006
  5. psychogenic

    dynamic vlan assignment besides vmps

    psychogenic, Apr 20, 2006, in forum: Cisco
    Replies:
    9
    Views:
    5,997
    C Kim
    Apr 20, 2006
Loading...

Share This Page