11-14-2019 12:22 PM
any ideas why workstations keep going into guest vlan? what are your workarounds?
current config:
interface GigabitEthernetX/X
description xxxx
switchport
switchport access vlan 22
switchport mode access
switchport voice vlan 26
authentication event server dead action authorize vlan 22
authentication event server dead action authorize voice
authentication event no-response action authorize vlan 27
authentication host-mode multi-domain
authentication port-control auto
authentication violation replace
mls qos trust dscp
dot1x pae authenticator
no cdp enable
I was thinking of adding this below into port config:
11-14-2019 12:37 PM
11-14-2019 12:48 PM
vlan 27 is guest vlan with Internet access only. Users seem to randomly lose full access and get kicked into vlan 27. I can share AAA config of switch. Unfortunately, I dont have access to 802.1x server.
switch#sh run aaa
!
aaa authentication login default local
aaa authentication enable default enable
aaa authentication ppp default group RAD1 local
aaa authentication dot1x default group RAD1
aaa authorization network default group RAD1
aaa accounting exec default start-stop group RAD1
aaa accounting connection default start-stop group RAD1
aaa accounting network default start-stop group RAD1
aaa accounting system default start-stop group RAD1
!
radius server ABC
address ipv4 1.1.1.1 auth-port 1812 acct-port 1813
key xxxxx
radius-server timeout 8
aaa group server radius RAD1
server name ABC
!
!
!
aaa new-model
aaa session-id common
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: