cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
2372
Views
0
Helpful
2
Replies
kayasaman
Beginner

Mac Address Bypass not working on 3560G

Hi,

I'm trying to configure MAB on a Cisco 3560G to work with FreeRADIUS.

I have been assured that my RADIUS configuration is fine and the server is functioning properly.

This is my current switch config:

Header 1

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Switch

!

boot-start-marker

boot-end-marker

!

logging file flash:mab.txt 256000 debugging

enable password admin

!

username admin privilege 15 password 0 admin

!

!

aaa new-model

!

!

aaa group server radius test

server 10.0.0.90 auth-port 1812 acct-port 1813

!

aaa authentication dot1x default group radius

aaa authorization network default group radius

aaa accounting delay-start

aaa accounting dot1x default start-stop group radius

aaa accounting dot1x system start-stop group radius

aaa accounting network default start-stop group radius

!

!

!

aaa session-id common

system mtu routing 1500

authentication mac-move permit

mab request format attribute 32 vlan access-vlan

ip subnet-zero

!

ip dhcp pool dpool1

   network 10.0.0.0 255.255.255.0

!

ip dhcp pool dpool20

   network 10.10.10.0 255.255.255.0

   default-router 10.10.10.1

!

!

!

!

crypto pki trustpoint TP-self-signed-2405477248

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2405477248

revocation-check none

rsakeypair TP-self-signed-2405477248

!

!

crypto pki certificate chain TP-self-signed-2405477248

certificate self-signed 01 nvram:IOS-Self-Sig#3838.cer

dot1x system-auth-control

!

!

!

archive

log config

  logging enable

spanning-tree mode pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

!

!

!

interface GigabitEthernet0/1

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet0/2

!

interface GigabitEthernet0/3

!

interface GigabitEthernet0/4

!

interface GigabitEthernet0/5

!

interface GigabitEthernet0/6

!

interface GigabitEthernet0/7

!

interface GigabitEthernet0/8

!

interface GigabitEthernet0/9

!

interface GigabitEthernet0/10

!

interface GigabitEthernet0/11

!

interface GigabitEthernet0/12

!

interface GigabitEthernet0/13

switchport mode access

authentication event server alive action reinitialize

authentication open

authentication order mab

authentication priority mab

authentication port-control auto

authentication timer reauthenticate 10

authentication timer inactivity 1200

mab

dot1x pae authenticator

dot1x timeout tx-period 6

spanning-tree portfast

!

interface GigabitEthernet0/14

!

interface GigabitEthernet0/15

!

interface GigabitEthernet0/16

!

interface GigabitEthernet0/17

!

interface GigabitEthernet0/18

!

interface GigabitEthernet0/19

!

interface GigabitEthernet0/20

!

interface GigabitEthernet0/21

!

interface GigabitEthernet0/22

!

interface GigabitEthernet0/23

!

interface GigabitEthernet0/24

!

interface GigabitEthernet0/25

!

interface GigabitEthernet0/26

!

interface GigabitEthernet0/27

!

interface GigabitEthernet0/28

!

interface Vlan1

ip address 10.0.0.1 255.255.255.0

!

interface Vlan20

ip address 10.10.10.1 255.255.255.0

!

ip classless

ip http server

ip http secure-server

!

!

ip radius source-interface Vlan1

ip sla enable reaction-alerts

!

radius-server dead-criteria time 30 tries 3

radius-server host 10.0.0.90 auth-port 1812 acct-port 1813 non-standard key pass

radius-server retransmit 6

radius-server timeout 10

radius-server vsa send accounting

radius-server vsa send authentication

!

!

line con 0

logging synchronous

line vty 0 4

transport input telnet

line vty 5 15

transport input telnet

!

end

These are the errors I'm getting:

Header 1

*Mar  1 04:22:37.194: %MAB-5-FAIL: Authentication failed for client (0015.c553.7baa) on Interface Gi0/13 AuditSessionID 0A0000010000000100DEC072

*Mar  1 04:22:37.194: %AUTHMGR-7-RESULT: Authentication result 'server dead' from 'mab' for client (0015.c553.7baa) on Interface Gi0/13 AuditSessionID 0A0000010000000100DEC072

*Mar  1 04:22:37.194: %AUTHMGR-5-FAIL: Authorization failed for client (0015.c553.7baa) on Interface Gi0/13 AuditSessionID 0A0000010000000100DEC072

*Mar  1 04:23:38.053: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.0.0.90:1812,1813 is not responding.

*Mar  1 04:23:38.062: %MAB-5-FAIL: Authentication failed for client (0015.c553.7baa) on Interface Gi0/13 AuditSessionID 0A0000010000000100DEC072

*Mar  1 04:23:38.062: %AUTHMGR-7-RESULT: Authentication result 'server dead' from 'mab' for client (0015.c553.7baa) on Interface Gi0/13 AuditSessionID 0A0000010000000100DEC072

*Mar  1 04:23:38.062: %AUTHMGR-5-FAIL: Authorization failed for client (0015.c553.7baa) on Interface Gi0/13 AuditSessionID 0A0000010000000100DEC072

*Mar  1 04:23:38.062: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.0.0.90:1812,1813 is being marked alive.

*Mar  1 04:23:44.412: %SYS-5-CONFIG_I: Configured from console by console

*Mar  1 04:24:38.778: mab-ev(Gi0/13): Reauthenticating client 0x31000001 (0015.c553.7baa)

*Mar  1 04:24:38.778: mab-sm(Gi0/13): Received event 'MAB_REAUTHENTICATE' on handle 0x31000001

*Mar  1 04:24:38.778:     mab : during state mab_terminate, got event 2(mabReauthenticate)

*Mar  1 04:24:38.778: @@@ mab : mab_terminate -> mab_authorizing

*Mar  1 04:24:38.778: mab-ev(Gi0/13): Sending create new context event to EAP from MAB for 0x31000001 (0015.c553.7baa)

*Mar  1 04:24:38.778: mab-ev(Gi0/13): Starting MAC-AUTH-BYPASS for 0x31000001 (0015.c553.7baa)

*Mar  1 04:24:38.778: mab-ev(Gi0/13): Attribute (NAS-Identifier) value 1 received for 0x31000001 (0015.c553.7baa)

*Mar  1 04:24:38.778: RADIUS/ENCODE(00000009):Orig. component type = DOT1X

*Mar  1 04:24:38.778: RADIUS(00000009): Config NAS IP: 10.0.0.1

*Mar  1 04:24:38.778: RADIUS(00000009): Started 10 sec timeout

*Mar  1 04:24:38.988: RADIUS: Received from id 1645/250 10.0.0.90:1812, Access-Accept, len 42

*Mar  1 04:24:38.988: RADIUS/DECODE: Ascend auth type; FAIL

*Mar  1 04:24:38.988: RADIUS/DECODE: decoder; FAIL

*Mar  1 04:24:38.988: RADIUS/DECODE: attribute Ascend-Auth-Type; FAIL

*Mar  1 04:24:38.988: RADIUS/DECODE: parse response op decode; FAIL

*Mar  1 04:24:38.988: RADIUS/DECODE: parse response; FAIL

*Mar  1 04:24:38.988: mab-ev(Gi0/13): MAB received an Access-Reject for 0x31000001 (0015.c553.7baa)

*Mar  1 04:24:38.988: %MAB-5-FAIL: Authentication failed for client (0015.c553.7baa) on Interface Gi0/13 AuditSessionID 0A0000010000000100DEC072

*Mar  1 04:24:38.988: mab-sm(Gi0/13): Received event 'MAB_RESULT' on handle 0x31000001

*Mar  1 04:24:38.996:     mab : during state mab_authorizing, got event 5(mabResult)

*Mar  1 04:24:38.996: @@@ mab : mab_authorizing -> mab_terminate

*Mar  1 04:24:38.996: mab-ev(Gi0/13): Deleted credentials profile for 0x31000001 (dot1x_mac_auth_0015c5537baa)

*Mar  1 04:24:38.996: mab-ev(Gi0/13): Sending event (2) to AuthMGR for 0015.c553.7baa

*Mar  1 04:24:38.996: %AUTHMGR-7-RESULT: Authentication result 'server dead' from 'mab' for client (0015.c553.7baa) on Interface Gi0/13 AuditSessionID 0A0000010000000100DEC072

*Mar  1 04:24:38.996: %AUTHMGR-5-FAIL: Authorization failed for client (0015.c553.7baa) on Interface Gi0/13 AuditSessionID 0A0000010000000100DEC072

*Mar  1 04:25:39.730: mab-ev(Gi0/13): Reauthenticating client 0x31000001 (0015.c553.7baa)

*Mar  1 04:25:39.730: mab-sm(Gi0/13): Received event 'MAB_REAUTHENTICATE' on handle 0x31000001

*Mar  1 04:25:39.730:     mab : during state mab_terminate, got event 2(mabReauthenticate)

*Mar  1 04:25:39.730: @@@ mab : mab_terminate -> mab_authorizing

*Mar  1 04:25:39.730: mab-ev(Gi0/13): Sending create new context event to EAP from MAB for 0x31000001 (0015.c553.7baa)

*Mar  1 04:25:39.730: mab-ev(Gi0/13): Starting MAC-AUTH-BYPASS for 0x31000001 (0015.c553.7baa)

*Mar  1 04:25:39.730: mab-ev(Gi0/13): Attribute (NAS-Identifier) value 1 received for 0x31000001 (0015.c553.7baa)

*Mar  1 04:25:39.730: RADIUS/ENCODE(00000009):Orig. component type = DOT1X

*Mar  1 04:25:39.730: RADIUS(00000009): Config NAS IP: 10.0.0.1

*Mar  1 04:25:39.730: RADIUS(00000009): Started 10 sec timeout

*Mar  1 04:25:39.747: RADIUS: Received from id 1645/251 10.0.0.90:1812, Access-Accept, len 42

*Mar  1 04:25:39.747: RADIUS/DECODE: Ascend auth type; FAIL

*Mar  1 04:25:39.747: RADIUS/DECODE: decoder; FAIL

*Mar  1 04:25:39.747: RADIUS/DECODE: attribute Ascend-Auth-Type; FAIL

*Mar  1 04:25:39.747: RADIUS/DECODE: parse response op decode; FAIL

*Mar  1 04:25:39.747: RADIUS/DECODE: parse response; FAIL

*Mar  1 04:25:39.747: mab-ev(Gi0/13): MAB received an Access-Reject for 0x31000001 (0015.c553.7baa)

*Mar  1 04:25:39.747: %MAB-5-FAIL: Authentication failed for client (0015.c553.7baa) on Interface Gi0/13 AuditSessionID 0A0000010000000100DEC072

*Mar  1 04:25:39.747: mab-sm(Gi0/13): Received event 'MAB_RESULT' on handle 0x31000001

*Mar  1 04:25:39.747:     mab : during state mab_authorizing, got event 5(mabResult)

*Mar  1 04:25:39.747: @@@ mab : mab_authorizing -> mab_terminate

*Mar  1 04:25:39.747: mab-ev(Gi0/13): Deleted credentials profile for 0x31000001 (dot1x_mac_auth_0015c5537baa)

*Mar  1 04:25:39.755: mab-ev(Gi0/13): Sending event (2) to AuthMGR for 0015.c553.7baa

*Mar  1 04:25:39.755: %AUTHMGR-7-RESULT: Authentication result 'server dead' from 'mab' for client (0015.c553.7baa) on Interface Gi0/13 AuditSessionID 0A0000010000000100DEC072

*Mar  1 04:25:39.755: %AUTHMGR-5-FAIL: Authorization failed for client (0015.c553.7baa) on Interface Gi0/13 AuditSessionID 0A0000010000000100DEC072

*Mar  1 04:26:40.472: mab-ev(Gi0/13): Reauthenticating client 0x31000001 (0015.c553.7baa)

*Mar  1 04:26:40.472: mab-sm(Gi0/13): Received event 'MAB_REAUTHENTICATE' on handle 0x31000001

*Mar  1 04:26:40.472:     mab : during state mab_terminate, got event 2(mabReauthenticate)

*Mar  1 04:26:40.472: @@@ mab : mab_terminate -> mab_authorizing

*Mar  1 04:26:40.472: mab-ev(Gi0/13): Sending create new context event to EAP from MAB for 0x31000001 (0015.c553.7baa)

*Mar  1 04:26:40.472: mab-ev(Gi0/13): Starting MAC-AUTH-BYPASS for 0x31000001 (0015.c553.7baa)

*Mar  1 04:26:40.472: mab-ev(Gi0/13): Attribute (NAS-Identifier) value 1 received for 0x31000001 (0015.c553.7baa)

*Mar  1 04:26:40.472: RADIUS/ENCODE(00000009):Orig. component type = DOT1X

*Mar  1 04:26:40.472: RADIUS(00000009): Config NAS IP: 10.0.0.1

*Mar  1 04:26:40.472: RADIUS(00000009): Started 10 sec timeout

*Mar  1 04:26:40.489: RADIUS: Received from id 1645/252 10.0.0.90:1812, Access-Accept, len 42

*Mar  1 04:26:40.489: RADIUS/DECODE: Ascend auth type; FAIL

*Mar  1 04:26:40.489: RADIUS/DECODE: decoder; FAIL

*Mar  1 04:26:40.489: RADIUS/DECODE: attribute Ascend-Auth-Type; FAIL

*Mar  1 04:26:40.489: RADIUS/DECODE: parse response op decode; FAIL

*Mar  1 04:26:40.489: RADIUS/DECODE: parse response; FAIL

*Mar  1 04:26:40.489: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.0.0.90:1812,1813 is not responding.

*Mar  1 04:26:40.489: mab-ev(Gi0/13): MAB received an Access-Reject for 0x31000001 (0015.c553.7baa)

*Mar  1 04:26:40.489: %MAB-5-FAIL: Authentication failed for client (0015.c553.7baa) on Interface Gi0/13 AuditSessionID 0A0000010000000100DEC072

*Mar  1 04:26:40.489: mab-sm(Gi0/13): Received event 'MAB_RESULT' on handle 0x31000001

*Mar  1 04:26:40.489:     mab : during state mab_authorizing, got event 5(mabResult)

*Mar  1 04:26:40.489: @@@ mab : mab_authorizing -> mab_terminate

*Mar  1 04:26:40.489: mab-ev(Gi0/13): Deleted credentials profile for 0x31000001 (dot1x_mac_auth_0015c5537baa)

*Mar  1 04:26:40.489: mab-ev(Gi0/13): Sending event (2) to AuthMGR for 0015.c553.7baa

*Mar  1 04:26:40.489: %AUTHMGR-7-RESULT: Authentication result 'server dead' from 'mab' for client (0015.c553.7baa) on Interface Gi0/13 AuditSessionID 0A0000010000000100DEC072

*Mar  1 04:26:40.489: %AUTHMGR-5-FAIL: Authorization failed for client (0015.c553.7baa) on Interface Gi0/13 AuditSessionID 0A0000010000000100DEC072

*Mar  1 04:26:40.547: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.0.0.90:1812,1813 is being marked alive.

*Mar  1 04:27:41.197: mab-ev(Gi0/13): Reauthenticating client 0x31000001 (0015.c553.7baa)

*Mar  1 04:27:41.197: mab-sm(Gi0/13): Received event 'MAB_REAUTHENTICATE' on handle 0x31000001

*Mar  1 04:27:41.197:     mab : during state mab_terminate, got event 2(mabReauthenticate)

*Mar  1 04:27:41.197: @@@ mab : mab_terminate -> mab_authorizing

*Mar  1 04:27:41.197: mab-ev(Gi0/13): Sending create new context event to EAP from MAB for 0x31000001 (0015.c553.7baa)

*Mar  1 04:27:41.197: mab-ev(Gi0/13): Starting MAC-AUTH-BYPASS for 0x31000001 (0015.c553.7baa)

*Mar  1 04:27:41.197: mab-ev(Gi0/13): Attribute (NAS-Identifier) value 1 received for 0x31000001 (0015.c553.7baa)

*Mar  1 04:27:41.197: RADIUS/ENCODE(00000009):Orig. component type = DOT1X

*Mar  1 04:27:41.197: RADIUS(00000009): Config NAS IP: 10.0.0.1

*Mar  1 04:27:41.197: RADIUS(00000009): Started 10 sec timeout

*Mar  1 04:27:41.214: RADIUS: Received from id 1645/253 10.0.0.90:1812, Access-Accept, len 42

*Mar  1 04:27:41.214: RADIUS/DECODE: Ascend auth type; FAIL

*Mar  1 04:27:41.214: RADIUS/DECODE: decoder; FAIL

*Mar  1 04:27:41.214: RADIUS/DECODE: attribute Ascend-Auth-Type; FAIL

*Mar  1 04:27:41.214: RADIUS/DECODE: parse response op decode; FAIL

*Mar  1 04:27:41.214: RADIUS/DECODE: parse response; FAIL

*Mar  1 04:27:41.214: mab-ev(Gi0/13): MAB received an Access-Reject for 0x31000001 (0015.c553.7baa)

*Mar  1 04:27:41.214: %MAB-5-FAIL: Authentication failed for client (0015.c553.7baa) on Interface Gi0/13 AuditSessionID 0A0000010000000100DEC072

*Mar  1 04:27:41.214: mab-sm(Gi0/13): Received event 'MAB_RESULT' on handle 0x31000001

*Mar  1 04:27:41.214:     mab : during state mab_authorizing, got event 5(mabResult)

*Mar  1 04:27:41.214: @@@ mab : mab_authorizing -> mab_terminate

*Mar  1 04:27:41.214: mab-ev(Gi0/13): Deleted credentials profile for 0x31000001 (dot1x_mac_auth_0015c5537baa)

*Mar  1 04:27:41.214: mab-ev(Gi0/13): Sending event (2) to AuthMGR for 0015.c553.7baa

*Mar  1 04:27:41.214: %AUTHMGR-7-RESULT: Authentication result 'server dead' from 'mab' for client (0015.c553.7baa) on Interface Gi0/13 AuditSessionID 0A0000010000000100DEC072

*Mar  1 04:27:41.214: %AUTHMGR-5-FAIL: Authorization failed for client (0015.c553.7baa) on Interface Gi0/13 AuditSessionID 0A0000010000000100DEC072

*Mar  1 04:28:41.922: mab-ev(Gi0/13): Reauthenticating client 0x31000001 (0015.c553.7baa)

*Mar  1 04:28:41.922: mab-sm(Gi0/13): Received event 'MAB_REAUTHENTICATE' on handle 0x31000001

*Mar  1 04:28:41.922:     mab : during state mab_terminate, got event 2(mabReauthenticate)

*Mar  1 04:28:41.922: @@@ mab : mab_terminate -> mab_authorizing

*Mar  1 04:28:41.922: mab-ev(Gi0/13): Sending create new context event to EAP from MAB for 0x31000001 (0015.c553.7baa)

*Mar  1 04:28:41.922: mab-ev(Gi0/13): Starting MAC-AUTH-BYPASS for 0x31000001 (0015.c553.7baa)

*Mar  1 04:28:41.922: mab-ev(Gi0/13): Attribute (NAS-Identifier) value 1 received for 0x31000001 (0015.c553.7baa)

*Mar  1 04:28:41.922: RADIUS/ENCODE(00000009):Orig. component type = DOT1X

*Mar  1 04:28:41.922: RADIUS(00000009): Config NAS IP: 10.0.0.1

*Mar  1 04:28:41.922: RADIUS(00000009): Started 10 sec timeout

*Mar  1 04:28:41.939: RADIUS: Received from id 1645/254 10.0.0.90:1812, Access-Accept, len 42

*Mar  1 04:28:41.939: RADIUS/DECODE: Ascend auth type; FAIL

*Mar  1 04:28:41.939: RADIUS/DECODE: decoder; FAIL

*Mar  1 04:28:41.939: RADIUS/DECODE: attribute Ascend-Auth-Type; FAIL

*Mar  1 04:28:41.939: RADIUS/DECODE: parse response op decode; FAIL

*Mar  1 04:28:41.939: RADIUS/DECODE: parse response; FAIL

*Mar  1 04:28:41.939: mab-ev(Gi0/13): MAB received an Access-Reject for 0x31000001 (0015.c553.7baa)

*Mar  1 04:28:41.947: %MAB-5-FAIL: Authentication failed for client (0015.c553.7baa) on Interface Gi0/13 AuditSessionID 0A0000010000000100DEC072

*Mar  1 04:28:41.947: mab-sm(Gi0/13): Received event 'MAB_RESULT' on handle 0x31000001

*Mar  1 04:28:41.947:     mab : during state mab_authorizing, got event 5(mabResult)

*Mar  1 04:28:41.947: @@@ mab : mab_authorizing -> mab_terminate

*Mar  1 04:28:41.947: mab-ev(Gi0/13): Deleted credentials profile for 0x31000001 (dot1x_mac_auth_0015c5537baa)

*Mar  1 04:28:41.947: mab-ev(Gi0/13): Sending event (2) to AuthMGR for 0015.c553.7baa

*Mar  1 04:28:41.947: %AUTHMGR-7-RESULT: Authentication result 'server dead' from 'mab' for client (0015.c553.7baa) on Interface Gi0/13 AuditSessionID 0A0000010000000100DEC072

*Mar  1 04:28:41.947: %AUTHMGR-5-FAIL: Authorization failed for client (0015.c553.7baa) on Interface Gi0/13 AuditSessionID 0A0000010000000100DEC072

*Mar  1 04:29:42.052: dot1x-ev(Gi0/13): Interface state changed to DOWN

*Mar  1 04:29:42.052: dot1x-ev:dot1x_supp_port_down: No DOT1X subblock found on GigabitEthernet0/13

*Mar  1 04:29:42.052: mab-sm(Gi0/13): Received event 'MAB_DELETE' on handle 0x31000001

*Mar  1 04:29:42.052: mab-ev(Gi0/13): Received ABORT event from Auth Mgr for 0x31000001 (0015.c553.7baa)

*Mar  1 04:29:42.052: mab-ev(Gi0/13): Deleted credentials profile for 0x31000001 (dot1x_mac_auth_0015c5537baa)

*Mar  1 04:29:42.052: mab-ev: Freed MAB client context

*Mar  1 04:29:43.050: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/13, changed state to down

*Mar  1 04:29:44.048: %LINK-3-UPDOWN: Interface GigabitEthernet0/13, changed state to down

*Mar  1 04:29:49.274: %LINK-3-UPDOWN: Interface GigabitEthernet0/11, changed state to up

*Mar  1 04:29:50.281: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/11, changed state to up

Since I have never used RADIUS before on a Cisco device I am really not sure where the issue is.

Can anybody help me?

Thanks.

2 REPLIES 2
kayasaman
Beginner

Sorry I missed a part.

Basically what I have is a Linux server running FreeRADIUS, a Cisco 3560G switch and a laptop.

The setup is to replace VMPS as a way of distributing VLANs throughout the network dynamically.

Currently I would like the server to automatically distribute VLAN20 to the switch to use on interface g0/13.

I managed to find a solution to this and get things working:

Header 1

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Switch

!

boot-start-marker

boot-end-marker

!

!

!

!

aaa new-model

!

!

aaa authentication dot1x default group radius

aaa authorization network default group radius

!

!

!

aaa session-id common

system mtu routing 1500

authentication mac-move permit

ip subnet-zero

!

ip dhcp pool dpool1

   network 10.0.0.0 255.255.255.0

!

ip dhcp pool dpool20

   network 10.10.10.0 255.255.255.0

   default-router 10.10.10.1

!

!

!

!

!

dot1x system-auth-control

!

!

!

spanning-tree mode pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

!

!

!

interface GigabitEthernet0/1

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet0/2

!

interface GigabitEthernet0/3

!

interface GigabitEthernet0/4

!

interface GigabitEthernet0/5

!

interface GigabitEthernet0/6

!

interface GigabitEthernet0/7

!

interface GigabitEthernet0/8

!

interface GigabitEthernet0/9

!

interface GigabitEthernet0/10

!

interface GigabitEthernet0/11

!

interface GigabitEthernet0/12

!

interface GigabitEthernet0/13

switchport mode access

authentication port-control auto

mab

spanning-tree portfast

!

interface GigabitEthernet0/14

!

interface GigabitEthernet0/15

!

interface GigabitEthernet0/16

!

interface GigabitEthernet0/17

!

interface GigabitEthernet0/18

!

interface GigabitEthernet0/19

!

interface GigabitEthernet0/20

!

interface GigabitEthernet0/21

!

interface GigabitEthernet0/22

!

interface GigabitEthernet0/23

!

interface GigabitEthernet0/24

!

interface GigabitEthernet0/25

!

interface GigabitEthernet0/26

!

interface GigabitEthernet0/27

!

interface GigabitEthernet0/28

!

interface Vlan1

ip address 10.0.0.1 255.255.255.0

!

interface Vlan20

ip address 10.10.10.1 255.255.255.0

!

ip classless

ip http server

ip http secure-server

!

!

ip sla enable reaction-alerts

!

radius-server host 10.0.0.90 auth-port 1812 acct-port 1813 key pass

!

!

line con 0

line vty 5 15

!

end

Now the laptop is able to put straight onto VLAN20 and obtains the correct IP address of 10.10.10.0/24 range....