Endstation Network Condition not working for IPv4

newjard
Beginner

I have a question about Endstation Network Conditions for IPv4.
Under Network Conditions >>> Endstation Network Conditions I created "TEST_ENDSTATION" and added the IP address 10.50.50.10 or, alternatively, 10.50.50.0/24.
In AUTHORIZATION POLICY I have the condition "Network Conditions: TEST_ENDSTATION".
Endstation authentication/authorization started from the IP address 10.50.50.10 (tested for MAB and DOT1X) is not matched by the prepared condition. I read that I need to add a command on the switch, but it doesn't help:
radius-server attribute 31 send nas-port-detail.

I also tried:

radius-server attribute 31 send nas-port-detail
radius-server attribute 31 remote-id
radius-server attribute 31 append-circuit-id

Additionally, I have these attributes configured:

mab request format attribute 32 vlan access-vlan
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 25 access-request include
radius-server attribute 31 send nas-port-detail
radius-server attribute 31 remote-id
radius-server attribute 31 append-circuit-id
radius-server vsa send cisco-nas-port

Did not work.
If I add MAC to Endstation Network Conditions >>> TEST_ENDSTATION MAC, then the authorization works correctly and goes to AUTHORIZATION POLICY condition "Network Conditions: TEST_ENDSTATION MAC".

So for MAC it works; for IP it doesn't.

What do I need to add to the switch configuration so that the IP address is sent in the network attributes?

 

Port configuration:

interface FastEthernet0/XX
 description dot1x test
 switchport access vlan XXX
 switchport mode access
 switchport nonegotiate
 switchport voice vlan XXX
 authentication event fail retry 0 action next-method
 authentication event server dead action authorize
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity server
 mab
 no snmp trap link-status
 dot1x pae authenticator
 dot1x timeout tx-period 7
 spanning-tree portfast edge
 spanning-tree guard root
 ip dhcp snooping limit rate 15
end

Switch (I also tested on others):

WS-C2960C-8PC 15.2(7)E4 - C2960c405-UNIVERSALK9-M

 
