Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1216
Views
0
Helpful
4
Replies

802.1x VLAN assignment

Go to solution
humair.amil
Level 1
Level 1

‎10-01-2015 12:58 AM - edited ‎03-10-2019 11:06 PM

Hi all,

 

We have 802.1x authentication setup on our switches.

 

The switch ports have the following configured on them.

 

switchport access vlan 5

switchport mode access

switchport nonegotiate

switchport protected

logging event link-status

authentication port-control auto

dot1x pae authenticator

dot1x timeout tx-period 5

dot1x max-req 3

no cdp enable

spanning-tree portfast

spanning-tree bpduguard enable

ip verify source

 

Also, the network policy server is configured to assign VLAN 9 to the devices the authenticate successfully.

 

I can't seem to find out that which one will take precedence? For example, if I connect a device to a switch port that has "switchport access vlan 5" configured but the network policy servers return VLAN 9 to the switch on successful authentication of the device then which VLAN will the switch put the device in?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jason van den Berg
Level 1
Level 1

‎10-01-2015 02:40 AM

Hi,

 

It will be placed in vlan 9. You can confirm this by issuing the following command on the switch "sh authentication sessions interface <interface id>" where interface id is the interface the device is connected to. An alternative is to enable logging on the switch en check the logs for interface events which will confirm the vlan the device is placed in.

 

Regards,

Jason

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jason van den Berg
Level 1
Level 1

‎10-01-2015 02:40 AM

Hi,

 

It will be placed in vlan 9. You can confirm this by issuing the following command on the switch "sh authentication sessions interface <interface id>" where interface id is the interface the device is connected to. An alternative is to enable logging on the switch en check the logs for interface events which will confirm the vlan the device is placed in.

 

Regards,

Jason

0 Helpful

Go to solution
mbilgrav
Level 3
Level 3
In response to Jason van den Berg

‎10-01-2015 02:40 AM

"show interface status" will also show you the VLAN a given accessport is placed in.

 

0 Helpful

Go to solution
humair.amil
Level 1
Level 1
In response to mbilgrav

‎10-01-2015 03:07 AM

Thanks everyone.

0 Helpful

Go to solution
Shahzad Qadir
Level 1
Level 1

‎10-01-2015 02:44 AM

You can also check 'show int switchport' . That should show operational mode and Vlan assigned.

0 Helpful
Customers Also Viewed These Support Documents
Top