Cisco ACS4.1- Radius Dynamic VLAN assignment not working

siddhartham · ‎01-29-2013

When the users connect their laptop they are getting a authentication prompt but the switch is not changing the VLANs on the port after successfull authentication.Below are the logs on the switch

Jan 28 2013 17:21:32.417 CST: RADIUS: Framed-MTU [12] 6 1500

Jan 28 2013 17:21:32.417 CST: RADIUS: Called-Station-Id [30] 19 "E4-D3-F1-0B-C6-0A"

Jan 28 2013 17:21:32.417 CST: RADIUS: Calling-Station-Id [31] 19 "84-8F-69-A8-BD-1D"

Jan 28 2013 17:21:32.417 CST: RADIUS: EAP-Message [79] 45

Jan 28 2013 17:21:32.417 CST: RADIUS: 02 0E 00 2B 19 00 17 03 01 00 20 8A 07 E9 A6 A9 75 88 06 4A 8C 55 BE 3D EB 49 84 7B 0E 59 5D 3F 93 67 63 82 9C B4 AD 13 9F CA 67 [ + uJU=I{Y]?gcg]

Jan 28 2013 17:21:32.417 CST: RADIUS: Message-Authenticato[80] 18

Jan 28 2013 17:21:32.417 CST: RADIUS: 09 58 21 FE E5 9F 46 44 64 F7 C3 B2 4B 9F C4 35 [ X!FDdK5]

Jan 28 2013 17:21:32.417 CST: RADIUS: EAP-Key-Name [102] 2 *

Jan 28 2013 17:21:32.417 CST: RADIUS: Vendor, Cisco [26] 49

Jan 28 2013 17:21:32.417 CST: RADIUS: Cisco AVpair [1] 43 "audit-session-id=0A0065080000000E524420EE"

Jan 28 2013 17:21:32.417 CST: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]

Jan 28 2013 17:21:32.417 CST: RADIUS: NAS-Port [5] 6 50010

Jan 28 2013 17:21:32.417 CST: RADIUS: NAS-Port-Id [87] 21 "GigabitEthernet0/10"

Jan 28 2013 17:21:32.417 CST: RADIUS: State [24] 25

Jan 28 2013 17:21:32.417 CST: RADIUS: 45 41 50 3D 30 2E 32 30 30 2E 31 34 2E 33 3B 53 [EAP=0.200.14.3;S]

Jan 28 2013 17:21:32.417 CST: RADIUS: 56 43 3D 30 2E 38 3B [ VC=0.8;]

Jan 28 2013 17:21:32.417 CST: RADIUS: NAS-IP-Address [4] 6 10.0.101.8

Jan 28 2013 17:21:32.417 CST: RADIUS(00000031): Started 5 sec timeout

Jan 28 2013 17:21:32.425 CST: RADIUS: Received from id 1645/84 10.0.0.20:1645, Access-Accept, len 212

Jan 28 2013 17:21:32.425 CST: RADIUS: authenticator C8 5B D6 8E B2 72 26 F1 - 1B 2D D0 8B 02 96 0D 27

Jan 28 2013 17:21:32.425 CST: RADIUS: Framed-IP-Address [8] 6 255.255.255.255

Jan 28 2013 17:21:32.425 CST: RADIUS: EAP-Message [79] 6

Jan 28 2013 17:21:32.425 CST: RADIUS: 03 0E 00 04

Jan 28 2013 17:21:32.425 CST: RADIUS: Vendor, Microsoft [26] 58

Jan 28 2013 17:21:32.425 CST: RADIUS: MS-MPPE-Send-Key [16] 52 *

Jan 28 2013 17:21:32.425 CST: RADIUS: Vendor, Microsoft [26] 58

Jan 28 2013 17:21:32.425 CST: RADIUS: MS-MPPE-Recv-Key [17] 52 *

Jan 28 2013 17:21:32.425 CST: RADIUS: Tunnel-Type [64] 6 01:VLAN [13]

Jan 28 2013 17:21:32.434 CST: RADIUS: Tunnel-Medium-Type [65] 6 01:ALL_802 [6]

Jan 28 2013 17:21:32.434 CST: RADIUS: Tunnel-Private-Group[81] 6 01:"103"

Jan 28 2013 17:21:32.434 CST: RADIUS: Class [25] 28

Jan 28 2013 17:21:32.434 CST: RADIUS: 43 41 43 53 3A 30 2F 64 65 31 39 63 2F 61 30 30 [CACS:0/de19c/a00]

Jan 28 2013 17:21:32.434 CST: RADIUS: 36 35 30 38 2F 35 30 30 31 30 [ 6508/50010]

Jan 28 2013 17:21:32.434 CST: RADIUS: Message-Authenticato[80] 18

Jan 28 2013 17:21:32.434 CST: RADIUS: C2 71 F0 8E 8D 10 8B 9F F1 8E 21 32 16 7D 7F D6 [ q!2}]

Jan 28 2013 17:21:32.434 CST: RADIUS(00000031): Received from id 1645/84

Jan 28 2013 17:21:32.434 CST: RADIUS/DECODE: EAP-Message fragments, 4, total 4 bytes

Jan 28 2013 17:21:32.434 CST: %DOT1X-5-SUCCESS: Authentication successful for client (848f.69a8.bd1d) on Interface Gi0/10 AuditSessionID

Jan 28 2013 17:21:32.434 CST: %AUTHMGR-7-RESULT: Authentication result 'success' from 'dot1x' for client (848f.69a8.bd1d) on Interface Gi0/10 AuditSessionID 0A0065080000000E524420EE

Siddhartha

siddhartham · ‎01-29-2013

I should have done little more research before I post this question , found the issue, its the config on the switch.I missed the below line

aaa authorization network default group radius

thanks...

Siddhartha