VLAN assignment on 2950

Discussion in 'Cisco' started by S. Einarsson, Jan 31, 2005.

  1. S. Einarsson

    S. Einarsson Guest

    I have a problem getting VLAN assignment to work on a 2950 with Catalyst
    4500 as the trunking mother. The setup works just fine on the Catalyst
    but is not functional on the 2950. I would really appreciate any
    suggestions.

    Here are the following configurations.

    ### Main Switch ###
    Running the main native vlan is a catalyst 4500 with IOS 12.2.

    The trunk port config for the 2950 looks like this:
    !
    interface GigabitEthernet2/5
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 2
    switchport mode trunk
    switchport nonegotiate
    spanning-tree portfast
    end
    !

    ### The 2950 running IOS 12.1 ###

    - A port configured on any vlan works as expected. User gets assigned
    an address from dhcp and everything is usable

    !
    interface FastEthernet0/3
    switchport access vlan 10
    spanning-tree portfast
    end
    !

    - On a port configured for dot1x the user is able to authenticate and is
    clearly assigned on the correct vlan according to the radius server
    logs. He on the other hand doesn't get any ip address from the VLAN's
    dhcp server and the VLAN in whole doesn't seem to function at all.

    !
    interface FastEthernet0/2
    switchport mode access
    dot1x port-control auto
    spanning-tree portfast
    end

    !


    #####
    Here is the relevant config from the 2950:

    !
    aaa new-model
    aaa authentication dot1x default group radius local
    aaa authorization network default group radius
    !
    ip subnet-zero
    !
    spanning-tree mode pvst
    no spanning-tree optimize bpdu transmission
    spanning-tree extend system-id
    dot1x system-auth-control
    !
    !
    interface FastEthernet0/1
    switchport trunk native vlan 2
    switchport mode trunk
    !
    interface FastEthernet0/2
    switchport mode access
    dot1x port-control auto
    spanning-tree portfast
    !
    !
    interface Vlan1
    no ip address
    no ip route-cache
    shutdown
    !
    interface Vlan2
    ip address xxx.xxx.xxx.xxx 255.255.255.224
    no ip route-cache
    !
    ip http server
    radius-server host xxx.xxx.xxx.xxx auth-port 1812 acct-port 1813 key v1k1
    radius-server retransmit 3
    radius-server vsa send accounting
    radius-server vsa send authentication
    banner incoming 
    DEATH TO VIDEODROME^C
    LONG LIVE THE NEW FLESH^C
    
    !
    end
    S. Einarsson, Jan 31, 2005
    #1

  2. Are you sure that the DHCP-client does not run BEFORE the dot1x client?
    MS-products did do that until recently (I have not checked XP SP2,
    though). What happens if you assign a static ip-address to that
    dot1x-client?


    Mathias

    S. Einarsson wrote:
    > I have a problem getting VLAN assignment to work on a 2950 with Catalyst
    > 4500 as the trunking mother. The setup works just fine on the Catalyst
    > but is not functional on the 2950. I would really appreciate any
    > suggestions.
    >
    > Here are the following configurations.
    >
    > ### Main Switch ###
    > Running the main native vlan is a catalyst 4500 with IOS 12.2.
    >
    > The trunk port config for the 2950 looks like this:
    > !
    > interface GigabitEthernet2/5
    > switchport trunk encapsulation dot1q
    > switchport trunk native vlan 2
    > switchport mode trunk
    > switchport nonegotiate
    > spanning-tree portfast
    > end
    > !
    >
    > ### The 2950 running IOS 12.1 ###
    >
    > - A port configured on any vlan works as expected. User gets assigned
    > an address from dhcp and everything is usable
    >
    > !
    > interface FastEthernet0/3
    > switchport access vlan 10
    > spanning-tree portfast
    > end
    > !
    >
    > - On a port configured for dot1x the user is able to authenticate and is
    > clearly assigned on the correct vlan according to the radius server
    > logs. He on the other hand doesn't get any ip address from the VLAN's
    > dhcp server and the VLAN in whole doesn't seem to function at all.
    >
    > !
    > interface FastEthernet0/2
    > switchport mode access
    > dot1x port-control auto
    > spanning-tree portfast
    > end
    >

    --
    CCIE #11220
    Everything written is MY opinion only, not the one of my company or
    employer unless otherwise noted

    The early bird gets the worm, but the second mouse gets the cheese

    My signature is certified by Fraunhofer Society.
    The root-ca IS trusted but the browser-manufacturers want big $ to have
    it included
    Mathias Gaertner, Jan 31, 2005
    #2

  3. S. Einarsson

    S. Einarsson Guest

    Yes, I tried assigning a static ip to the client, but the net was
    unusable. The same client (XP) gets assigned an ip right away after
    authenticating on the catalyst 4500 switch. The aaa/radius config on
    the 2950 and the catalyst are identical.

    Mathias Gaertner wrote:
    > Are you sure that the DHCP-client does not run BEFORE the dot1x client?
    > MS-products did do that until recently (I have not checked XP SP2,
    > though). What happens if you assign a static ip-address to that
    > dot1x-client?
    >
    >
    > Mathias
    >
    > S. Einarsson wrote:
    >
    >> I have a problem getting VLAN assignment to work on a 2950 with
    >> Catalyst 4500 as the trunking mother. The setup works just fine on
    >> the Catalyst but is not functional on the 2950. I would really
    >> appreciate any suggestions.
    >>
    >> Here are the following configurations.
    >>
    >> ### Main Switch ###
    >> Running the main native vlan is a catalyst 4500 with IOS 12.2.
    >>
    >> The trunk port config for the 2950 looks like this:
    >> !
    >> interface GigabitEthernet2/5
    >> switchport trunk encapsulation dot1q
    >> switchport trunk native vlan 2
    >> switchport mode trunk
    >> switchport nonegotiate
    >> spanning-tree portfast
    >> end
    >> !
    >>
    >> ### The 2950 running IOS 12.1 ###
    >>
    >> - A port configured on any vlan works as expected. User gets
    >> assigned an address from dhcp and everything is usable
    >>
    >> !
    >> interface FastEthernet0/3
    >> switchport access vlan 10
    >> spanning-tree portfast
    >> end
    >> !
    >>
    >> - On a port configured for dot1x the user is able to authenticate and
    >> is clearly assigned on the correct vlan according to the radius server
    >> logs. He on the other hand doesn't get any ip address from the VLAN's
    >> dhcp server and the VLAN in whole doesn't seem to function at all.
    >>
    >> !
    >> interface FastEthernet0/2
    >> switchport mode access
    >> dot1x port-control auto
    >> spanning-tree portfast
    >> end
    >>
    S. Einarsson, Jan 31, 2005
    #3
  4. S. Einarsson

    S. Einarsson Guest

    For anyone out there.
    Upgrading to c2950-i6q4l2-mz.121-22.EA3 fixed my problem.

    happy cisco-ing
    S. Einarsson, Feb 8, 2005
    #4
  5. Kiran_network

    Kiran_network

    Joined: Sep 27, 2007
    Messages: 1

    I am trying out dhcp on a 3750 switch, with dot1x enabled. Also, for the dhcp client, instead of a PC I am using a simulator (IXIA).

    Can anyone let me know how to get the ip address from the dhcp server after the client gets authorized by dot1x?

    Appreciate any inputs on this
    Kiran_network, Sep 27, 2007
    #5
  6. stansio83

    stansio83

    Joined: Apr 13, 2014
    Messages: 1

    Hi... How is one dhcp scope associated with a specific vlan? The switch port is set to mode access and dot1x ... The Microsoft server dhcp role has 2 scopes: 192.168.1.0/24 and 192.168.2.0/24, and 2 users (one in vlan5 and the other one in vlan6). How is the decision taken to correlate the first scope with vlan 5 and the other one with the 6th? .. for example..
    stansio83, Apr 13, 2014
    #6