01-29-2013 07:32 AM - edited 03-10-2019 08:01 PM
When the users connect their laptop they are getting a authentication prompt but the switch is not changing the VLANs on the port after successfull authentication.Below are the logs on the switch
Jan 28 2013 17:21:32.417 CST: RADIUS: Framed-MTU [12] 6 1500
Jan 28 2013 17:21:32.417 CST: RADIUS: Called-Station-Id [30] 19 "E4-D3-F1-0B-C6-0A"
Jan 28 2013 17:21:32.417 CST: RADIUS: Calling-Station-Id [31] 19 "84-8F-69-A8-BD-1D"
Jan 28 2013 17:21:32.417 CST: RADIUS: EAP-Message [79] 45
Jan 28 2013 17:21:32.417 CST: RADIUS: 02 0E 00 2B 19 00 17 03 01 00 20 8A 07 E9 A6 A9 75 88 06 4A 8C 55 BE 3D EB 49 84 7B 0E 59 5D 3F 93 67 63 82 9C B4 AD 13 9F CA 67 [ + uJU=I{Y]?gcg]
Jan 28 2013 17:21:32.417 CST: RADIUS: Message-Authenticato[80] 18
Jan 28 2013 17:21:32.417 CST: RADIUS: 09 58 21 FE E5 9F 46 44 64 F7 C3 B2 4B 9F C4 35 [ X!FDdK5]
Jan 28 2013 17:21:32.417 CST: RADIUS: EAP-Key-Name [102] 2 *
Jan 28 2013 17:21:32.417 CST: RADIUS: Vendor, Cisco [26] 49
Jan 28 2013 17:21:32.417 CST: RADIUS: Cisco AVpair [1] 43 "audit-session-id=0A0065080000000E524420EE"
Jan 28 2013 17:21:32.417 CST: RADIUS: NAS-Port-Type [61] 6 Ethernet [15]
Jan 28 2013 17:21:32.417 CST: RADIUS: NAS-Port [5] 6 50010
Jan 28 2013 17:21:32.417 CST: RADIUS: NAS-Port-Id [87] 21 "GigabitEthernet0/10"
Jan 28 2013 17:21:32.417 CST: RADIUS: State [24] 25
Jan 28 2013 17:21:32.417 CST: RADIUS: 45 41 50 3D 30 2E 32 30 30 2E 31 34 2E 33 3B 53 [EAP=0.200.14.3;S]
Jan 28 2013 17:21:32.417 CST: RADIUS: 56 43 3D 30 2E 38 3B [ VC=0.8;]
Jan 28 2013 17:21:32.417 CST: RADIUS: NAS-IP-Address [4] 6 10.0.101.8
Jan 28 2013 17:21:32.417 CST: RADIUS(00000031): Started 5 sec timeout
Jan 28 2013 17:21:32.425 CST: RADIUS: Received from id 1645/84 10.0.0.20:1645, Access-Accept, len 212
Jan 28 2013 17:21:32.425 CST: RADIUS: authenticator C8 5B D6 8E B2 72 26 F1 - 1B 2D D0 8B 02 96 0D 27
Jan 28 2013 17:21:32.425 CST: RADIUS: Framed-IP-Address [8] 6 255.255.255.255
Jan 28 2013 17:21:32.425 CST: RADIUS: EAP-Message [79] 6
Jan 28 2013 17:21:32.425 CST: RADIUS: 03 0E 00 04
Jan 28 2013 17:21:32.425 CST: RADIUS: Vendor, Microsoft [26] 58
Jan 28 2013 17:21:32.425 CST: RADIUS: MS-MPPE-Send-Key [16] 52 *
Jan 28 2013 17:21:32.425 CST: RADIUS: Vendor, Microsoft [26] 58
Jan 28 2013 17:21:32.425 CST: RADIUS: MS-MPPE-Recv-Key [17] 52 *
Jan 28 2013 17:21:32.425 CST: RADIUS: Tunnel-Type [64] 6 01:VLAN [13]
Jan 28 2013 17:21:32.434 CST: RADIUS: Tunnel-Medium-Type [65] 6 01:ALL_802 [6]
Jan 28 2013 17:21:32.434 CST: RADIUS: Tunnel-Private-Group[81] 6 01:"103"
Jan 28 2013 17:21:32.434 CST: RADIUS: Class [25] 28
Jan 28 2013 17:21:32.434 CST: RADIUS: 43 41 43 53 3A 30 2F 64 65 31 39 63 2F 61 30 30 [CACS:0/de19c/a00]
Jan 28 2013 17:21:32.434 CST: RADIUS: 36 35 30 38 2F 35 30 30 31 30 [ 6508/50010]
Jan 28 2013 17:21:32.434 CST: RADIUS: Message-Authenticato[80] 18
Jan 28 2013 17:21:32.434 CST: RADIUS: C2 71 F0 8E 8D 10 8B 9F F1 8E 21 32 16 7D 7F D6 [ q!2}]
Jan 28 2013 17:21:32.434 CST: RADIUS(00000031): Received from id 1645/84
Jan 28 2013 17:21:32.434 CST: RADIUS/DECODE: EAP-Message fragments, 4, total 4 bytes
Jan 28 2013 17:21:32.434 CST: %DOT1X-5-SUCCESS: Authentication successful for client (848f.69a8.bd1d) on Interface Gi0/10 AuditSessionID
Jan 28 2013 17:21:32.434 CST: %AUTHMGR-7-RESULT: Authentication result 'success' from 'dot1x' for client (848f.69a8.bd1d) on Interface Gi0/10 AuditSessionID 0A0065080000000E524420EE
Siddhartha
01-29-2013 07:48 AM
I should have done little more research before I post this question , found the issue, its the config on the switch.I missed the below line
aaa authorization network default group radius
thanks...
Siddhartha
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide