Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
692
Views
0
Helpful
0
Replies

Cisco Nexus 5548 dot1x guest vlan

mattzubiel
Level 1
Level 1

‎01-24-2018 01:22 PM - edited ‎02-21-2020 10:44 AM

I've got an issue with my Cisco Nexus 5548UP switch.  I'm running version 7.1(4)N1(1).

 

I've got 802.1X authentication working - i.e. supplicant authenticates to the RADIUS Server and gets an Access-Accept message back.  The port becomes authorized and is connected.  My next step was to configure a guest vlan, but am running in to issues configuring the interface.

 

sh run

version 7.1(4)N1(1)
feature interface-vlan
feature dot1x
radius-server key 7 //key//
radius-server host //ip addr// authentication accounting
aaa group server radius RadServer
  server //ip addr//
  deadtime 30
  use-vrf management
aaa authentication dot1x default group RadServer

interface Ethernet101/1/10
  description aaatest
  dot1x port-control auto
  dot1x re-authentication
  dot1x max-req 3
  dot1x timeout quiet-period 25
  dot1x timeout re-authperiod 3300
  dot1x timeout tx-period 40
  dot1x timeout server-timeout 60
  dot1x timeout ratelimit-period 10
  dot1x timeout supp-timeout 20
  dot1x pae authenticator
  dot1x mac-auth-bypass eap
  switchport access vlan 1

However, when I try to configure guest-vlan, the command isn't available:

 

 

router(config-if)# dot1x ?
  default            Configure Dot1x with default values for this port
  host-mode          Role of 802.1x authenticating entity
  mac-auth-bypass    Configure Mac-Auth-Bypass
  max-reauth-req     Maximum Re-authentication Attempts Before Failing
  max-req            Maximum Retries to Initiate Authentication
  pae                Role of 802.1x authenticating entity
  port-control       Port control
  re-authentication  Enable or Disable Reauthentication for this port
  timeout            Various Timeouts

According to the documentation online, I should have that feature available:  Cisco Nexus 5500 Series NX-OS Security Configuration Guide, Release 7.x (https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5500/sw/security/7x/b_5500_Security_Config_7x/b_5500_Security_Config_7x_chapter_0111.html#concept_D3AE0E4CD4EA45FFA69CFC9A11772643)

 

Has anyone had luck configuring either guest-vlan or auth-fail on a Nexus 5500 series?

 

Thanks in advance for any help or tips.

 

Matthew

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents