cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2317
Views
5
Helpful
8
Replies

A switch port is stuck on the old vlan

Joe22
Level 1
Level 1

I am trying to change my own switch port from vlan 3 to vlan 42, but somehow the port is stuck on vlan 3 no matter what I do (shut, no shut, unplug the device etc.).

 

A 5 minutes work now turned into hours. Any help would be greatly appreciated.

 

This is a Cisco 2960X switch

 

Port Configuration:

interface GigabitEthernet1/0/6
switchport access vlan 42
switchport mode access
srr-queue bandwidth share 1 30 35 5
priority-queue out
authentication control-direction in
authentication event fail action authorize vlan 99
authentication event server dead action authorize vlan 42
authentication event no-response action authorize vlan 42
authentication event server alive action reinitialize
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication timer restart 30
authentication violation restrict
mab
mls qos trust device cisco-phone
mls qos trust cos
macro description AccessEdgeQoS
dot1x pae authenticator
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
end

 

show interface status:

Port Name Status Vlan Duplex Speed Type
Gi1/0/1 notconnect 3 auto auto 10/100/1000BaseTX
Gi1/0/2 connected 3 a-full a-1000 10/100/1000BaseTX
Gi1/0/3 connected 3 a-full a-1000 10/100/1000BaseTX
Gi1/0/4 connected 3 a-full a-1000 10/100/1000BaseTX
Gi1/0/5 notconnect 3 auto auto 10/100/1000BaseTX
Gi1/0/6 connected 3 a-full a-1000 10/100/1000BaseTX

8 Replies 8

Hello,

 

copy the port configuration, then default the interface, than paste the configuration back:

 

2960X(config)#default interface GigabitEthernet1/0/6

Went into vlan 1 after default the port, and went right back to vlan 3 after I pasted the config back.

are you using dot1x authentication?

is it possible dot1x is reassigning the vlan based on the devices authentication?

 

Looks like it. I removed all the dot1x on my port, and it worked fine.

 

I can't seem to find out where. 

 

aaa authentication login default local
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
!

interface GigabitEthernet1/0/6
switchport access vlan 42
switchport mode access
srr-queue bandwidth share 1 30 35 5
priority-queue out
authentication control-direction in
authentication event fail action authorize vlan 99
authentication event server dead action authorize vlan 42
authentication event no-response action authorize vlan 42
authentication event server alive action reinitialize
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication timer restart 30
authentication violation restrict
mab
mls qos trust device cisco-phone
mls qos trust cos
macro description AccessEdgeQoS
dot1x pae authenticator
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY

 


aaa session-id common

I am not very familiar with configuring Dot1x authentication, and without more of you config cant parse it out.  Dot1x usually uses a radius server to provide the port based authentication.   Looks like you should have a group called "radius" that handles it

What if you default the port and reload the switch ?

Hi Joe,

 

Change the interface to the default interface by using the following interface command and reconfigure the interface to VLAN 42.

 

Switch(config)#default interface gigabitEthernet 0/0/X

 

if the issue still persists, shut down the interface and change it to default and reconfigure it.

 

BR,

Khaleelur Rahman

We finally figured out why this was happening.

 

The reason was the switch was authenticating with a Windows NPS server, which was assigning vlan ID (vlan 3) for every authenticated connection. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: