Good man!
On Thu, Jul 9, 2009 at 11:04 AM, Ajay mehra <ajaymehra01_at_gmail.com> wrote:
> Hi Sadiq, Divin and Robert,
>
> I could not reply earlier because of limited access to the setup.
> I had all the configurations including vlan and aaa defined on switch but
> for some reason it was not assigning the vlan. I gave a try again and this
> time vlan was assigned successfully. Not sure if this was a problem with
> order of operation or surely I had made some small mistake.
>
>
>
> Thank you all for your help,
> Ajay
>
>
>
>
> 2009/7/8 Robert Steeneken <r.steeneken_at_gmail.com>
>
> did you configure *aaa authorization network default group radius* ?
>>
>>
>> On Wed, Jul 8, 2009 at 12:23 PM, Sadiq Yakasai <sadiqtanko_at_gmail.com>wrote:
>>
>>> Hey Ajay,
>>>
>>> Can we see a "show vlan brief" please? Have you locally defined VLAN 255?
>>>
>>> On Wed, Jul 8, 2009 at 11:08 AM, Ajay mehra <ajaymehra01_at_gmail.com>
>>> wrote:
>>>
>>> > Hello Group,
>>> >
>>> >
>>> > Even though I am receiving the radius attributes from ACS server vlan
>>> > assignment is not taking place. Port is in authorized state but is
>>> assigned
>>> > default vlan 1.
>>> >
>>> >
>>> >
>>> > 07:48:27: RADIUS: Tunnel-Type [64] 6 01:VLAN
>>> > [13]
>>> > 07:48:27: RADIUS: Tunnel-Medium-Type [65] 6 01:ALL_802
>>> > [6]
>>> > 07:48:27: RADIUS: Tunnel-Private-Group[81] 6 01:"255"
>>> > <<<<<<<<<<<<<<<<<<<<VLAN defined in ACS.
>>> > 07:48:27: RADIUS: Framed-IP-Address [8] 6 255.255.255.255
>>> > 07:48:27: RADIUS: EAP-Message [79] 6
>>> > 07:48:27: RADIUS: 03 17 00 04
>>> [????]
>>> >
>>> > SW1#sh int status | i 0/5
>>> > Fa0/5 connected 1 (vlan) a-full
>>> a-100
>>> > 10/100BaseTX
>>> > SW1#
>>> > SW1#sh dot1x in fa0/5 de
>>> > Dot1x Info for FastEthernet0/5
>>> > -----------------------------------
>>> > PAE = AUTHENTICATOR
>>> > PortControl = AUTO
>>> > ControlDirection = Both
>>> > HostMode = SINGLE_HOST
>>> > ReAuthentication = Disabled
>>> > QuietPeriod = 60
>>> > ServerTimeout = 30
>>> > SuppTimeout = 30
>>> > ReAuthPeriod = 3600 (Locally configured)
>>> > ReAuthMax = 2
>>> > MaxReq = 2
>>> > TxPeriod = 30
>>> > RateLimitPeriod = 0
>>> > Auth-Fail-Vlan = 200
>>> > Auth-Fail-Max-attempts = 3
>>> > Guest-Vlan = 201
>>> > Dot1x Authenticator Client List
>>> > -------------------------------
>>> > Domain = DATA
>>> > Supplicant = 001c.5822.2c30
>>> > Auth SM State = AUTHENTICATED
>>> > Auth BEND SM State = IDLE
>>> > Port Status = AUTHORIZED
>>> > Authentication Method = Dot1x
>>> > Authorized By = Authentication Server
>>> > Vlan Policy = N/A
>>> > SW1#
>>> >
>>> > SW1#sh run int fa0/5
>>> > Building configuration...
>>> > Current configuration : 179 bytes
>>> > !
>>> > interface FastEthernet0/5
>>> > switchport mode access
>>> > dot1x pae authenticator
>>> > dot1x port-control auto
>>> > dot1x guest-vlan 201
>>> > dot1x auth-fail vlan 200
>>> > spanning-tree portfast
>>> >
>>> >
>>> >
>>> >
>>> > Your help is highly appreciated.
>>> >
>>> > Thanks,
>>> > Ajay
>>> >
>>> >
>>> > Blogs and organic groups at http://www.ccie.net
>>> >
>>> > _______________________________________________________________________
>>> > Subscription information may be found at:
>>> > http://www.groupstudy.com/list/CCIELab.html
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>>
>>>
>>> --
>>> CCIE #19963
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>
-- CCIE #19963 Blogs and organic groups at http://www.ccie.netReceived on Thu Jul 09 2009 - 11:23:47 ART
This archive was generated by hypermail 2.2.0 : Sat Aug 01 2009 - 13:10:22 ART