
802.1x VLAN assignment

Hi all,

We have 802.1x authentication set up on our switches.

The switch ports have the following configured on them.

switchport access vlan 5
switchport mode access
switchport nonegotiate
switchport protected
logging event link-status
authentication port-control auto
dot1x pae authenticator
dot1x timeout tx-period 5
dot1x max-req 3
no cdp enable
spanning-tree portfast
spanning-tree bpduguard enable
ip verify source

Also, the network policy server is configured to assign VLAN 9 to the devices that authenticate successfully.

I can't seem to find out which one will take precedence. For example, if I connect a device to a switch port that has "switchport access vlan 5" configured but the network policy server returns VLAN 9 to the switch on successful authentication of the device, then which VLAN will the switch put the device in?

Accepted Solutions

Hi,

It will be placed in VLAN 9. You can confirm this by issuing the following command on the switch "sh authentication sessions interface <interface id>" where interface id is the interface the device is connected to. An alternative is to enable logging on the switch and check the logs for interface events which will confirm the VLAN the device is placed in.

Regards,

Jason
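
An offline check for the behaviour described in the answer above, added here as an example and not part of the original thread: it compares the static access VLAN in a saved port config with the VLAN reported in saved session output. The interface name, the sample text and the field labels ("Status", "Vlan Policy") are assumptions; the labels differ between software releases.

```python
import re

# Constructed sample: abridged port config from the question; the interface name is a placeholder.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport access vlan 5
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
"""

# Constructed sample of session output. The field labels ("Status", "Vlan Policy")
# are an assumption and differ between software releases; adjust to your switch.
SAMPLE_SESSION = """\
            Interface:  GigabitEthernet1/0/1
          MAC Address:  0011.2233.4455
               Status:  Authz Success
        Authorized By:  Authentication Server
          Vlan Policy:  9
"""

def static_access_vlan(config):
    """Return the VLAN from 'switchport access vlan N', or None if absent."""
    m = re.search(r"^\s*switchport access vlan (\d+)\s*$", config, re.M)
    return int(m.group(1)) if m else None

def session_fields(output):
    """Parse 'Label:  value' lines into a dict keyed by lower-cased label."""
    fields = {}
    for line in output.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip().lower()] = value.strip()
    return fields

def effective_vlan(config, session_output):
    """Compare the static access VLAN with the VLAN the server assigned."""
    static = static_access_vlan(config)
    fields = session_fields(session_output)
    if "authz success" not in fields.get("status", "").lower():
        # Port not authorized: no data VLAN to report for this session.
        return {"static": static, "dynamic": None, "effective": None}
    policy = fields.get("vlan policy", "")
    # Non-numeric value (e.g. N/A): treated as no server-assigned VLAN.
    dynamic = int(policy) if policy.isdigit() else None
    return {"static": static, "dynamic": dynamic,
            "effective": dynamic if dynamic is not None else static}

if __name__ == "__main__":
    print(effective_vlan(SAMPLE_CONFIG, SAMPLE_SESSION))
```

A result where "dynamic" is None on an authorized port means the server sent no VLAN and the port stays in its configured access VLAN.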

"show interface status" will also show you the VLAN a given access port is placed in.

Thanks everyone.

You can also check 'show int switchport'. That should show operational mode and VLAN assigned.