Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
328
Views
1
Helpful
2
Replies

No Radius Server assigned VLAN on 3750 Switch (802.1X)

hannes1967
Level 1
Level 1

‎11-09-2023 04:39 AM

Dear experts,

Problem on Switch and Freeradius running on MacBook.

Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(55)SE5, RELEASE SOFTWARE (fc1)

Have problems to assign Radius VLAN 100 to Gig1/0/23

Debugging Radius Auth:

Nov  9 11:34:42.254: RADIUS: Received from id 1645/128 5.5.5.101:1812, Access-Challenge, len 81

.Nov  9 11:34:42.254: RADIUS:  authenticator 1A C5 0A 04 0B BA A9 16 - 27 45 9C 2C B5 43 82 55

.Nov  9 11:34:42.254: RADIUS:  Tunnel-Type         [64]  6   00:VLAN                   [13]

.Nov  9 11:34:42.254: RADIUS:  Tunnel-Medium-Type  [65]  6   00:ALL_802                [6]

.Nov  9 11:34:42.254: RADIUS:  Tunnel-Private-Group[81]  5   "100"

.Nov  9 11:34:42.254: RADIUS:  EAP-Message         [79]  8   

.Nov  9 11:34:42.262: RADIUS:   01 03 00 06 19 20                 [  ]

.Nov  9 11:34:42.262: RADIUS:  Message-Authenticato[80]  18  

Configuration Interface:

interface GigabitEthernet1/0/23
switchport mode access
authentication open
authentication port-control auto
dot1x pae both
spanning-tree portfast

 

show:

show authentication sessions interface g 1/0/23
Interface: GigabitEthernet1/0/23
MAC Address: 8069.1a57.9d72
IP Address: Unknown
User-Name: bob
Status: Authz Success
Domain: DATA
Security Policy: Should Secure
Security Status: Unsecure
Oper host mode: single-host
Oper control dir: both
Authorized By: Authentication Server
Vlan Group: N/A
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0505050500000015006B749A
Acct Session ID: 0x00000018
Handle: 0xF8000015

3750#sh int g 1/0/23 switchport
Name: Gi1/0/23
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Hope this description of the problem is enough.

regards, Hannes

Labels:
0 Helpful
2 Replies 2

andrewswanson
Level 7
Level 7

‎11-09-2023 07:57 AM

Hi

Do you have a vlan with vlan-id 100 already configured on the 3750 switch?

hth

Andy

hannes1967
Level 1
Level 1
In response to andrewswanson

‎11-10-2023 01:27 AM

yes, with a specific ip address.
It has something to do with peap.
MAB is working.

0 Helpful
Customers Also Viewed These Support Documents