Vlan assignation by Radius

Discussion in 'Cisco' started by Jean, Jun 11, 2004.

  1. Jean

    Jean Guest

    Hi all,

    I'm using
    - Cisco ACS 3.0 Radius
    aaa server type is CiscoSecure ACS for Windows 2000/NT
    authenticating using RADIUS (IETF)

    - Cisco Switch 3550 Version 12.1(12c)EA1
    aaa new-model
    aaa authentication dot1x default group radius
    aaa authorization network defauft group radius
    radius-server host x.x.x.x auth-port 1812 acct-port 1813
    radius-server retransmit 3
    radius-server key xxxxxx
    interface FastEthernet0/47
    switchport mode access
    no ip address
    no cdp enable
    dot1x port-control auto
    spanning-tree portfast

    - Win XP client
    MD-5

    My problem
    The client will get authorized and the port will be authorized,
    however Radius doesn't pass the vlan, the port ends up on the default
    vlan.
    How do I make it to pass the vlan, I have all 3 attributes set on
    radius
    64 Tunnel type = VLAN contains the value vlan (type
    13)
    65 Tunnel-medium-type=802 contains value 802 (type 6)
    81 Tunnel-private-group-ID=VLAN name contains the vlan name assigned
    to the 802.1x

    But I still have no vlan assigned for the authorized port.
    Any suggestions ?

    Also, does anyone know what is the best IOS ver to run on a 3550 to do
    802.1x
    Thanks
    Jean
     
    Jean, Jun 11, 2004
    #1
    1. Advertising

  2. Jean

    gaetano Guest

    Jean wrote:
    > interface FastEthernet0/47
    > switchport mode access
    > no ip address
    > no cdp enable
    > dot1x port-control auto
    > spanning-tree portfast
    >

    customize the timeout:

    dot1x timeout quiet-period 5
    dot1x timeout tx-period 4
    dot1x timeout reauth-period 15
    dot1x timeout supp-timeout 5
    dot1x timeout server-timeout 5
    dot1x max-req 5
    dot1x guest-vlan 5

    > - Win XP client
    > MD-5
    >
    > My problem
    > The client will get authorized and the port will be authorized,
    > however Radius doesn't pass the vlan, the port ends up on the default
    > vlan.
    > How do I make it to pass the vlan, I have all 3 attributes set on
    > radius
    > 64 Tunnel type = VLAN contains the value vlan (type
    > 13)
    > 65 Tunnel-medium-type=802 contains value 802 (type 6)
    > 81 Tunnel-private-group-ID=VLAN name contains the vlan name assigned
    > to the 802.1x


    not use VLAN name but VLAN number

    >
    > But I still have no vlan assigned for the authorized port.


    have you create the vlan on 3550?
    the commmand "debug dot1x ..."

    > Any suggestions ?
    >
    > Also, does anyone know what is the best IOS ver to run on a 3550 to do
    > 802.1x

    the latest 121-20.EA2.bin
    > Thanks
    > Jean
     
    gaetano, Jun 12, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Paul

    VLAN or Not to VLAN

    Paul, Oct 27, 2003, in forum: Cisco
    Replies:
    0
    Views:
    593
  2. David
    Replies:
    0
    Views:
    2,706
    David
    Nov 6, 2003
  3. Neil Rowland

    Auxiliary VLAN V VLan

    Neil Rowland, Apr 13, 2004, in forum: Cisco
    Replies:
    1
    Views:
    596
    Phil Dotchon
    Apr 14, 2004
  4. Achim 'ahzf' Friedland

    AP1200 and vlan assignment via radius...

    Achim 'ahzf' Friedland, Feb 22, 2006, in forum: Cisco
    Replies:
    0
    Views:
    2,901
    Achim 'ahzf' Friedland
    Feb 22, 2006
  5. Mark Renton

    Logic Units Assignation

    Mark Renton, Jul 3, 2004, in forum: Computer Information
    Replies:
    4
    Views:
    478
Loading...

Share This Page