Re: DOT1x vlan is not assigned from ACS from Sadiq Yakasai on 2009-07-08 (Ccielab archives 07/2009)

From: Sadiq Yakasai <sadiqtanko_at_gmail.com>
Date: Wed, 8 Jul 2009 11:23:46 +0100

Hey Ajay,

Can we see a "show vlan brief" please? Have you locally defined VLAN 255?

On Wed, Jul 8, 2009 at 11:08 AM, Ajay mehra <ajaymehra01_at_gmail.com> wrote:

> Hello Group,
>
>
> Even though I am receiving the radius attributes from ACS server vlan
> assignment is not taking place. Port is in authorized state but is assigned
> default vlan 1.
>
>
>
> 07:48:27: RADIUS: Tunnel-Type [64] 6 01:VLAN
> [13]
> 07:48:27: RADIUS: Tunnel-Medium-Type [65] 6 01:ALL_802
> [6]
> 07:48:27: RADIUS: Tunnel-Private-Group[81] 6 01:"255"
> <<<<<<<<<<<<<<<<<<<<VLAN defined in ACS.
> 07:48:27: RADIUS: Framed-IP-Address [8] 6 255.255.255.255
> 07:48:27: RADIUS: EAP-Message [79] 6
> 07:48:27: RADIUS: 03 17 00 04 [????]
>
> SW1#sh int status | i 0/5
> Fa0/5 connected 1 (vlan) a-full a-100
> 10/100BaseTX
> SW1#
> SW1#sh dot1x in fa0/5 de
> Dot1x Info for FastEthernet0/5
> -----------------------------------
> PAE = AUTHENTICATOR
> PortControl = AUTO
> ControlDirection = Both
> HostMode = SINGLE_HOST
> ReAuthentication = Disabled
> QuietPeriod = 60
> ServerTimeout = 30
> SuppTimeout = 30
> ReAuthPeriod = 3600 (Locally configured)
> ReAuthMax = 2
> MaxReq = 2
> TxPeriod = 30
> RateLimitPeriod = 0
> Auth-Fail-Vlan = 200
> Auth-Fail-Max-attempts = 3
> Guest-Vlan = 201
> Dot1x Authenticator Client List
> -------------------------------
> Domain = DATA
> Supplicant = 001c.5822.2c30
> Auth SM State = AUTHENTICATED
> Auth BEND SM State = IDLE
> Port Status = AUTHORIZED
> Authentication Method = Dot1x
> Authorized By = Authentication Server
> Vlan Policy = N/A
> SW1#
>
> SW1#sh run int fa0/5
> Building configuration...
> Current configuration : 179 bytes
> !
> interface FastEthernet0/5
> switchport mode access
> dot1x pae authenticator
> dot1x port-control auto
> dot1x guest-vlan 201
> dot1x auth-fail vlan 200
> spanning-tree portfast
>
>
>
>
> Your help is highly appreciated.
>
> Thanks,
> Ajay
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
CCIE #19963
Blogs and organic groups at http://www.ccie.net

Received on Wed Jul 08 2009 - 11:23:46 ART

This archive was generated by hypermail 2.2.0 : Sat Aug 01 2009 - 13:10:22 ART