02-05-2018 03:16 AM - edited 02-21-2020 10:44 AM
Peace,
whatever I do, I either can't get authenticated or get authenticated on the data vlan.
here is the relevant switch configuration:
aaa group server tacacs+ Great
aaa group server radius U-turn
aaa authentication dot1x default group U-turn
aaa authorization network default group U-turn group Great local
dot1x system-auth-control
interface GigabitEthernet1/0/28
description Experiment
switchport access vlan 24
switchport mode access
switchport voice vlan 23
authentication port-control auto
authentication host-mode multi-domain
authentication violation protect
dot1x pae authenticator
spanning-tree portfast
spanning-tree bpduguard enable
end
here is the freeradius configuration which causes authentication on the data vlan:
reply attributes:
Tunnel-Medium-Type:1:=802
Tunnel-Private-Group-Id:1:=23
Check attributes:
Cleartext-Password:=communistssuck
Cisco-AVPair:=device-traffic-class=voice
anybody works for a money loving Government which instead of upgrading acs or getting ise forces to innovate with free radius?
Any idea what the correct attributes are or the how to configure this?
Solved! Go to Solution.
02-12-2018 03:29 AM
The secret has been unmasked!
reply attributes:
Cisco-AVPair="device-traffic-class=voice"
Tunnel-Medium-Type=802
Tunnel-Private-Group-Id=23
Check attributes:
Cleartext-Password:=communistssuck
not the "=" and the ":=" accordingly
02-12-2018 03:29 AM
The secret has been unmasked!
reply attributes:
Cisco-AVPair="device-traffic-class=voice"
Tunnel-Medium-Type=802
Tunnel-Private-Group-Id=23
Check attributes:
Cleartext-Password:=communistssuck
not the "=" and the ":=" accordingly
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide