Re: does CBS250-48T-4G support VLAN assignement via RADIUS?

KMatgp · ‎04-05-2023

Hello,

I currently use a cisco switch CBS250-48T-4G on the firmware 3.3.0.16 and i would like to know if this is possible to assign VLAN dynamically with my RADIUS server.

I managed to setup this configuration with a netgear cisco, but i can't find the settings that take the VLAN ID from the packet sent from RADIUS server to the cisco switch, and change de PVID of the port used. (the 802.1x authentication work fine)

Is dynamic VLAN assignement is a feature that support the CBS250?

Thank in advance

KM

M02@rt37 · ‎04-05-2023

Hello @KMatgp,

To configure dynamic VLAN assignment on the CBS250 switch, you need to configure the RADIUS server to send the VLAN ID in the RADIUS attribute 64 (Tunnel-Private-Group-ID) or 65 (Tunnel-Type and Tunnel-Medium-Type). Once the RADIUS server sends the VLAN ID to the switch, the switch can assign the VLAN dynamically to the port based on the user's authentication credentials.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

KMatgp · ‎04-05-2023

Hello

Thank for the answer,

I did configured my radius server so he send this to my host:

i can manually switch the PVID of the port, but i would like to be
dynamic with RADIUS attribute sent to cisco switch.

i configured the VLAN 100 on my cisco switch, but the host still stay on
the defaut VLAN 1.

Is there any specific RADIUS attribute for cisco switch ?

Thanks

M02@rt37 · ‎04-05-2023

Yes @KMatgp, there are several RADIUS attributes that can be used to dynamically assign VLANs on a Cisco switch based on the authentication result received from the RADIUS server. The most common attribute used for this purpose is the "Tunnel-Private-Group-Id" (Tunnel-PGID) attribute. This attribute is used to specify the VLAN ID that the authenticated user should be placed into.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

KMatgp · ‎09-05-2023

Hi,

Thank you for the explaination,

but i still can't manage to assign a vlan through radius authentication.

the attribute sent by my RADIUS server after the authenticaton are the
next one:

                         Tunnel-type = VLAN
                         Tunnel-medium-type = IEEE-802
                         Tunnel-Private-Group-ID = 100

despite the authentication work well and the attribute seems to be the
good one, the port authenticated stay in his default VLAN1 instead of
VLAN 100.

Currently, the port is in "access" mode, and according to the settings
in the "VLAN Management > Port VLAN Membership" i'd rather put the port
in "General Mode Membership" but when i try to change it in "VLAN
Management > inteface Settings" there's only either "access" or "trunk"
mode.

i might don't see the good settings part that permit me to put the port
in the adequat mode.

Does the port have to be in "General Mode Membership" to be assigned a
VLAN dynamically?

M02@rt37 · ‎09-05-2023

Hello @KMatgp,

In order to assign a VLAN dynamically using RADIUS, the port should be in "General Mode Membership" or "Trunk Mode Membership". However, it is important to note that the VLAN ID sent from the RADIUS server needs to match an existing VLAN on the switch for the assignment to work.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

g.schacher · ‎17-04-2024

Hello M02@rt37,

we have the same problem with CBS250-16P. I am not sure about the RADIUS attributes.
Our settings are: attribute 64 (Tunnel-Type) = Virtual LANs (VLAN)
attribute 65 (Tunnel-Medium-Type) = 802 (includes all 802 plus Ethernet...)
attribute 81 (Tunnel-Pvt-Group-ID) = 108
It's working with all other Cisco-Switches.
On CBS250: GVRP is set globally and on the port;
port is in "General Mode Membership";
VLAN 108 still exists;

Port still stay in VLAN 1

Any suggests?

Guido

does CBS250-48T-4G support VLAN assignement via RADIUS?

Liens rapides