05-01-2007 07:57 AM - edited 03-10-2019 03:07 PM
We are working on configuring a NAC Framework test network. We've got to the point where we can successfully evaluate and flag a client PC as healthy or quarantine and enable/disable its switchport as appropriate. The next step that we are having a problem with is assigning the port to a VLAN; whatever we do, the port always seems to stay in the default VLAN1. We've created additional VLANs for healthy and quarantined PCs but can't get the ports assigned whatever we try. We're pretty sure we are getting the syntax of the various settings in ACS correct, as wherever possible we are using templates to create settings profiles, and where no templates are available we've checked our settings very carefully.
The only error we can see is from a radius debug on the switch during the authentication process where it returns these messages:
03:48:39: dot1x-ev:Received VLAN is No Vlan
03:48:39: dot1x-ev:Received VLAN Id -1
There are several repeats of these during the debug.
Any ideas?
05-07-2007 07:12 AM
05-30-2007 11:29 AM
Did you configure these 3 attributes? You must set them so that the VLAN ID/Name can be assigned correctly. And on the switch you must include AAA network too.
IETF 64 (Tunnel Type): Set this to VLAN
IETF 65 (Tunnel Medium Type): Set this to 802
IETF 81 (Tunnel Private Group ID): Set this to VLAN ID/name
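A way to check the three attributes listed above in a captured Access-Accept, as an added example that is not part of the original thread. The function names and the sample packets are constructed for illustration, the numeric values 13 (VLAN) and 6 (IEEE-802) are the RFC 2868 / RFC 3580 encodings, and the authenticator is not verified.

```python
import struct

# Attribute numbers and values per RFC 2868 / RFC 3580 (802.1X VLAN assignment).
TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PGID = 64, 65, 81
WANT = {TUNNEL_TYPE: 13, TUNNEL_MEDIUM: 6}  # 13 = VLAN, 6 = IEEE-802

def parse_attributes(packet: bytes) -> dict:
    """Return {attribute_type: value_bytes} from a raw RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20  # attributes start after code, id, length, authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("truncated attribute")
        attrs.setdefault(a_type, packet[pos + 2:pos + a_len])  # keep first instance
        pos += a_len
    return attrs

def vlan_assignment(packet: bytes):
    """Return (vlan, problems); vlan is None unless all three attributes are usable."""
    attrs, problems = parse_attributes(packet), []
    for a_type, want in WANT.items():
        value = attrs.get(a_type)
        if value is None:
            problems.append(f"attribute {a_type} missing")
        elif len(value) != 4 or int.from_bytes(value[1:], "big") != want:
            # Encoding is 1 tag byte followed by a 3-byte integer.
            problems.append(f"attribute {a_type} is not {want}")
    group = attrs.get(TUNNEL_PGID)
    if group and group[0] <= 0x1F:  # optional leading tag byte
        group = group[1:]
    if not group:
        problems.append("attribute 81 missing or empty")
    return (None if problems else group.decode("ascii", "replace")), problems

def build_accept(attrs: dict) -> bytes:
    """Constructed sample: Access-Accept (code 2) with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs.items())
    return struct.pack("!BBH", 2, 1, 20 + len(body)) + bytes(16) + body

GOOD = build_accept({64: b"\x00\x00\x00\x0d", 65: b"\x00\x00\x00\x06", 81: b"quarantine"})
BAD = build_accept({64: b"\x00\x00\x00\x0d", 81: b"quarantine"})  # no Tunnel-Medium-Type
```
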
05-30-2007 11:02 PM
Yes, I had all those set, but I have solved the problem! I'd upgraded IOS on the switch to the required version for NAC, executed the boot command to get it to boot the correct version, but for some reason it didn't take effect. Took me a while to notice it was still running the old IOS.