Re: IAS not sending VLAN or switch not getting VLAN assignment

rvaguilera · ‎05-25-2004

HELP!

My config looks right but I am unable to assign VLAN dynamically via 802.1x. Attached is my config and debug.

gfullage · ‎05-25-2004

Your debug output doesn't look quite right. The switch expects a tag number (number 1) to be sent along with the VLAN name, and you'd normally see this in the Radius debug output. For example, yours shows:

Attribute 81 12 6C61626E

where 81 is the attribute number, 12 is the length, and 6c61626e is the hex values of the first 4 bytes of the VLAN name (6C=l, 61=a, 62=b, 6E=n, etc) that you're returning.

What it should look like though is this:

Attribute 81 11 01544541

Note the first byte is 01 for tag number 1, then you get the actual VLAN name (54=T, 45=E, 41=A, etc).

I'm not sure how to set up IAS to return a tag number in attribute 81, check your IAS configuration and see if it can be done. I've known other people to get this working with IAS so it must be possible, I just don't have an IAS server handy that I can check with, sorry.

rvaguilera · ‎05-25-2004

Glenn,

Thanks for your help. I guess I have to keep digging or use Cisco ACS!

aarons · ‎03-15-2005

rvaguilera did you get this working?

Thanks

rvaguilera · ‎06-07-2004

It looks like Windows 2000 IAS is unable to send the Tunnel Tag of 1.

But you can send this attribute in Windows 2003 IAS. There is no documentation on this!