Solved: NEAT

R2C CCIE/CWNE · ‎07-02-2019

Client gets authenticated and result is applied but supplicant switch errors the VLAN TEST is non-existent or shutdown which is both no true. Is this a limitation of CISP?

%DOT1X_SWITCH-5-ERR_VLAN_NOT_FOUND: Attempt to assign non-existent or shutdown VLAN TEST to 802.1x port GigabitEthernet0/2 AuditSessionID 0A5D0B010000001D005D1423
Jul 2 17:15:00.622: %DOT1X-5-RESULT_OVERRIDE: Authentication result overridden for client (18db.f20a.85ef) on Interface Gi0/2 AuditSessionID 0A5D0B010000001D005D1423

Mohammed al Baqari · ‎07-02-2019

Hi,

You are trying to assign vlan to the port from NAS server but this vlan
(called TEST) doesn't exist in the switch. You need to create the vlan in
the switch to be able to assign it to the port after successful
authentication.

***** remember to rate useful posts

View solution in original post

Mohammed al Baqari · ‎07-02-2019

Hi,

You are trying to assign vlan to the port from NAS server but this vlan
(called TEST) doesn't exist in the switch. You need to create the vlan in
the switch to be able to assign it to the port after successful
authentication.

***** remember to rate useful posts

Mohammed al Baqari · ‎07-02-2019

run the following debugs on the NAD

debug dot1x events
debug radius authen

>From this we can see if the your supplicant is trying dot1x or not and what
radius packets are showing. Also, go to ISE > Operation > Reports >
Endpoints and Users > Radius authentication and hit on any of the failed
endpoint authentications to see the reason for dot1x failure

**** remember to rate useful posts

NEAT

Sound like a neat solution...

NEAT - Configuration

NEAT and Cisco ISE

NEAT x BPDUGuard

FlexConnect AP, ISE and NEAT