Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
843
Views
0
Helpful
2
Replies

802.1x Dynamic VLAN Switching Question

adam.schwartzberg
Level 1
Level 1

‎07-14-2010 01:10 PM - edited ‎03-10-2019 05:15 PM

Trying to set up 802.1x dynamic VLAN switching, and have a question. I think I've gotten it working except for one part. The VLAN on a protected interface is never getting switched. I can see an entry in the ACS stating that it applied the appropriate VLAN via RADIUS response, but it never changes on the switch.

Environment:

ACS Express 5.0.1

C3550 running c3550-ipbasek9-mz.122-44.SE6.bin

Switch config:

aaa new-model

aaa group server radius dot1x

server-private 10.10.1.4 auth-port 1645 acct-port 1646 key 7 071C244F5C0C0D544541

aaa authentication dot1x default group dot1x
dot1x system-auth-control
dot1x guest-vlan supplicant
interface FastEthernet0/3
switchport access vlan 3
switchport mode access
speed 100
duplex full
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
dot1x timeout tx-period 5
dot1x timeout supp-timeout 5
spanning-tree portfast
ip radius source-interface FastEthernet0/1 vrf default!
radius-server host 10.10.1.4 auth-port 1645 acct-port 1646 key 7 01000307490E125E731F
Am I missing something easy?

Labels:
0 Helpful
2 Replies 2

Javier Henderson
Level 4
Level 4

‎07-15-2010 10:24 AM

The output of "debug radius"  should help, can you capture it and post it?

0 Helpful

adam.schwartzberg
Level 1
Level 1
In response to Javier Henderson

‎07-15-2010 10:49 AM

It looks like "aaa authorization network default group dot1x" was the missing command I needed to get this working.

The only issue I'm having now is that if the client fails to meet the authentication requirements, the line status gets set as "down"

0 Helpful
Customers Also Viewed These Support Documents