01-16-2019 06:47 AM - edited 03-08-2019 05:03 PM
Hi,
I have been having issues getting 802.1x VLAN Assignment working on my 2960. I'm using PacketFence and I can see it sending back the radius response in the switch logs:
Tunnel-Type = VLAN
Tunnel-Private-Group-Id = "508"
Tunnel-Medium-Type = IEEE-802
It seems to know about the VLAN in the auth session details:
And my config:
Any help would be greatly appreciated.
Solved! Go to Solution.
01-16-2019 07:50 AM
I was sent a copy of the setup config from the Aruba Clearpass config tool and something in it which I changed has now fixed my issue.
Config:
aaa new-model
aaa session-id common
!
radius server CPPM1
address ipv4 10.65.30.42 auth-port 1812 acct-port 1813
key L0ng&Compl5x$ecret!
!
aaa group server radius ClearPass-RADIUS
server name CPPM1
aaa authentication dot1x default group ClearPass-RADIUS
aaa authorization network default group ClearPass-RADIUS
aaa accounting dot1x default start-stop group ClearPass-RADIUS
dot1x system-auth-control
aaa server radius dynamic-author
port 3799
auth-type all
client 10.65.30.42 server-key L0ng&Compl5x$ecret!
ip device tracking
radius-server vsa send accounting
radius-server vsa send authentication
radius-server attribute 11 default direction in
interface range GigabitEthernet 1/0/1 - 2
switchport mode access
authentication host-mode multi-auth
authentication order dot1x mab
authentication port-control auto
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout tx-period 10
dot1x supplicant tx-period 15
dot1x max-reauth-req 1
Thanks for your help.
01-16-2019 06:50 AM - edited 01-16-2019 06:53 AM
change them to this
!
radius-server vsa send accounting
radius-server vsa send autho
01-16-2019 07:01 AM
01-16-2019 07:11 AM
what log show you on the radius server?
01-16-2019 07:21 AM
Radius Request:
Radius Reply:
01-16-2019 07:27 AM
Ahh... they look ok to me. unless you run the debug raduis command on switch.
01-16-2019 07:50 AM
I was sent a copy of the setup config from the Aruba Clearpass config tool and something in it which I changed has now fixed my issue.
Config:
aaa new-model
aaa session-id common
!
radius server CPPM1
address ipv4 10.65.30.42 auth-port 1812 acct-port 1813
key L0ng&Compl5x$ecret!
!
aaa group server radius ClearPass-RADIUS
server name CPPM1
aaa authentication dot1x default group ClearPass-RADIUS
aaa authorization network default group ClearPass-RADIUS
aaa accounting dot1x default start-stop group ClearPass-RADIUS
dot1x system-auth-control
aaa server radius dynamic-author
port 3799
auth-type all
client 10.65.30.42 server-key L0ng&Compl5x$ecret!
ip device tracking
radius-server vsa send accounting
radius-server vsa send authentication
radius-server attribute 11 default direction in
interface range GigabitEthernet 1/0/1 - 2
switchport mode access
authentication host-mode multi-auth
authentication order dot1x mab
authentication port-control auto
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout tx-period 10
dot1x supplicant tx-period 15
dot1x max-reauth-req 1
Thanks for your help.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: