Hello Group,
Even though I am receiving the radius attributes from ACS server vlan
assignment is not taking place. Port is in authorized state but is assigned
default vlan 1.
07:48:27: RADIUS: Tunnel-Type [64] 6 01:VLAN
[13]
07:48:27: RADIUS: Tunnel-Medium-Type [65] 6 01:ALL_802
[6]
07:48:27: RADIUS: Tunnel-Private-Group[81] 6 01:"255"
<<<<<<<<<<<<<<<<<<<<VLAN defined in ACS.
07:48:27: RADIUS: Framed-IP-Address [8] 6 255.255.255.255
07:48:27: RADIUS: EAP-Message [79] 6
07:48:27: RADIUS: 03 17 00 04 [????]
SW1#sh int status | i 0/5
Fa0/5 connected 1 (vlan) a-full a-100
10/100BaseTX
SW1#
SW1#sh dot1x in fa0/5 de
Dot1x Info for FastEthernet0/5
-----------------------------------
PAE = AUTHENTICATOR
PortControl = AUTO
ControlDirection = Both
HostMode = SINGLE_HOST
ReAuthentication = Disabled
QuietPeriod = 60
ServerTimeout = 30
SuppTimeout = 30
ReAuthPeriod = 3600 (Locally configured)
ReAuthMax = 2
MaxReq = 2
TxPeriod = 30
RateLimitPeriod = 0
Auth-Fail-Vlan = 200
Auth-Fail-Max-attempts = 3
Guest-Vlan = 201
Dot1x Authenticator Client List
-------------------------------
Domain = DATA
Supplicant = 001c.5822.2c30
Auth SM State = AUTHENTICATED
Auth BEND SM State = IDLE
Port Status = AUTHORIZED
Authentication Method = Dot1x
Authorized By = Authentication Server
Vlan Policy = N/A
SW1#
SW1#sh run int fa0/5
Building configuration...
Current configuration : 179 bytes
!
interface FastEthernet0/5
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x guest-vlan 201
dot1x auth-fail vlan 200
spanning-tree portfast
Your help is highly appreciated.
Thanks,
Ajay
Blogs and organic groups at http://www.ccie.net
Received on Wed Jul 08 2009 - 15:38:51 ART
This archive was generated by hypermail 2.2.0 : Sat Aug 01 2009 - 13:10:22 ART