Hi Sadiq, Divin and Robert,
I could not reply earlier because of limited access to the setup.
I had all the configurations including vlan and aaa defined on switch but
for some reason it was not assigning the vlan. I gave a try again and this
time vlan was assigned successfully. Not sure if this was a problem with
order of operation or surely I had made some small mistake.
Thank you all for your help,
Ajay
2009/7/8 Robert Steeneken <r.steeneken_at_gmail.com>
> did you configure *aaa authorization network default group radius* ?
>
>
> On Wed, Jul 8, 2009 at 12:23 PM, Sadiq Yakasai <sadiqtanko_at_gmail.com>wrote:
>
>> Hey Ajay,
>>
>> Can we see a "show vlan brief" please? Have you locally defined VLAN 255?
>>
>> On Wed, Jul 8, 2009 at 11:08 AM, Ajay mehra <ajaymehra01_at_gmail.com>
>> wrote:
>>
>> > Hello Group,
>> >
>> >
>> > Even though I am receiving the radius attributes from ACS server vlan
>> > assignment is not taking place. Port is in authorized state but is
>> assigned
>> > default vlan 1.
>> >
>> >
>> >
>> > 07:48:27: RADIUS: Tunnel-Type [64] 6 01:VLAN
>> > [13]
>> > 07:48:27: RADIUS: Tunnel-Medium-Type [65] 6 01:ALL_802
>> > [6]
>> > 07:48:27: RADIUS: Tunnel-Private-Group[81] 6 01:"255"
>> > <<<<<<<<<<<<<<<<<<<<VLAN defined in ACS.
>> > 07:48:27: RADIUS: Framed-IP-Address [8] 6 255.255.255.255
>> > 07:48:27: RADIUS: EAP-Message [79] 6
>> > 07:48:27: RADIUS: 03 17 00 04
>> [????]
>> >
>> > SW1#sh int status | i 0/5
>> > Fa0/5 connected 1 (vlan) a-full a-100
>> > 10/100BaseTX
>> > SW1#
>> > SW1#sh dot1x in fa0/5 de
>> > Dot1x Info for FastEthernet0/5
>> > -----------------------------------
>> > PAE = AUTHENTICATOR
>> > PortControl = AUTO
>> > ControlDirection = Both
>> > HostMode = SINGLE_HOST
>> > ReAuthentication = Disabled
>> > QuietPeriod = 60
>> > ServerTimeout = 30
>> > SuppTimeout = 30
>> > ReAuthPeriod = 3600 (Locally configured)
>> > ReAuthMax = 2
>> > MaxReq = 2
>> > TxPeriod = 30
>> > RateLimitPeriod = 0
>> > Auth-Fail-Vlan = 200
>> > Auth-Fail-Max-attempts = 3
>> > Guest-Vlan = 201
>> > Dot1x Authenticator Client List
>> > -------------------------------
>> > Domain = DATA
>> > Supplicant = 001c.5822.2c30
>> > Auth SM State = AUTHENTICATED
>> > Auth BEND SM State = IDLE
>> > Port Status = AUTHORIZED
>> > Authentication Method = Dot1x
>> > Authorized By = Authentication Server
>> > Vlan Policy = N/A
>> > SW1#
>> >
>> > SW1#sh run int fa0/5
>> > Building configuration...
>> > Current configuration : 179 bytes
>> > !
>> > interface FastEthernet0/5
>> > switchport mode access
>> > dot1x pae authenticator
>> > dot1x port-control auto
>> > dot1x guest-vlan 201
>> > dot1x auth-fail vlan 200
>> > spanning-tree portfast
>> >
>> >
>> >
>> >
>> > Your help is highly appreciated.
>> >
>> > Thanks,
>> > Ajay
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>>
>>
>> --
>> CCIE #19963
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Thu Jul 09 2009 - 15:34:04 ART
This archive was generated by hypermail 2.2.0 : Sat Aug 01 2009 - 13:10:22 ART