Re: DOT1x vlan is not assigned from ACS from Divin Mathew John on 2009-07-08 (Ccielab archives 07/2009)

From: Divin Mathew John <divinjohn_at_gmail.com>
Date: Wed, 8 Jul 2009 16:24:27 +0530

It has to be VLAN NAME not NUMBER!
Thanking You

Yours Sincerely

Divin Mathew John
divinjohn_at_gmail.com
divin_at_dide3d.com
http://www.dide3d.com
+91 9945430983
+91 9846697191
+974 5008916
PGP PUBLIC KEY BLOCK @ http://www.dide3d.com/divin_Public_PGP_key.txt

On Wed, Jul 8, 2009 at 3:53 PM, Sadiq Yakasai <sadiqtanko_at_gmail.com> wrote:

> Hey Ajay,
>
> Can we see a "show vlan brief" please? Have you locally defined VLAN 255?
>
> On Wed, Jul 8, 2009 at 11:08 AM, Ajay mehra <ajaymehra01_at_gmail.com> wrote:
>
> > Hello Group,
> >
> >
> > Even though I am receiving the radius attributes from ACS server vlan
> > assignment is not taking place. Port is in authorized state but is
> assigned
> > default vlan 1.
> >
> >
> >
> > 07:48:27: RADIUS: Tunnel-Type [64] 6 01:VLAN
> > [13]
> > 07:48:27: RADIUS: Tunnel-Medium-Type [65] 6 01:ALL_802
> > [6]
> > 07:48:27: RADIUS: Tunnel-Private-Group[81] 6 01:"255"
> > <<<<<<<<<<<<<<<<<<<<VLAN defined in ACS.
> > 07:48:27: RADIUS: Framed-IP-Address [8] 6 255.255.255.255
> > 07:48:27: RADIUS: EAP-Message [79] 6
> > 07:48:27: RADIUS: 03 17 00 04
> [????]
> >
> > SW1#sh int status | i 0/5
> > Fa0/5 connected 1 (vlan) a-full a-100
> > 10/100BaseTX
> > SW1#
> > SW1#sh dot1x in fa0/5 de
> > Dot1x Info for FastEthernet0/5
> > -----------------------------------
> > PAE = AUTHENTICATOR
> > PortControl = AUTO
> > ControlDirection = Both
> > HostMode = SINGLE_HOST
> > ReAuthentication = Disabled
> > QuietPeriod = 60
> > ServerTimeout = 30
> > SuppTimeout = 30
> > ReAuthPeriod = 3600 (Locally configured)
> > ReAuthMax = 2
> > MaxReq = 2
> > TxPeriod = 30
> > RateLimitPeriod = 0
> > Auth-Fail-Vlan = 200
> > Auth-Fail-Max-attempts = 3
> > Guest-Vlan = 201
> > Dot1x Authenticator Client List
> > -------------------------------
> > Domain = DATA
> > Supplicant = 001c.5822.2c30
> > Auth SM State = AUTHENTICATED
> > Auth BEND SM State = IDLE
> > Port Status = AUTHORIZED
> > Authentication Method = Dot1x
> > Authorized By = Authentication Server
> > Vlan Policy = N/A
> > SW1#
> >
> > SW1#sh run int fa0/5
> > Building configuration...
> > Current configuration : 179 bytes
> > !
> > interface FastEthernet0/5
> > switchport mode access
> > dot1x pae authenticator
> > dot1x port-control auto
> > dot1x guest-vlan 201
> > dot1x auth-fail vlan 200
> > spanning-tree portfast
> >
> >
> >
> >
> > Your help is highly appreciated.
> >
> > Thanks,
> > Ajay
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
>
>
> --
> CCIE #19963
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Jul 08 2009 - 16:24:27 ART

This archive was generated by hypermail 2.2.0 : Sat Aug 01 2009 - 13:10:22 ART