02-15-2019 07:46 AM - edited 03-08-2019 05:21 PM
I am trying to change my own switch port from vlan 3 to vlan 42, but somehow the port is stuck on vlan 3 no matter what I do (shut, no shut, unplug the device etc.).
A 5 minutes work now turned into hours. Any help would be greatly appreciated.
This is a Cisco 2960X switch
Port Configuration:
interface GigabitEthernet1/0/6
switchport access vlan 42
switchport mode access
srr-queue bandwidth share 1 30 35 5
priority-queue out
authentication control-direction in
authentication event fail action authorize vlan 99
authentication event server dead action authorize vlan 42
authentication event no-response action authorize vlan 42
authentication event server alive action reinitialize
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication timer restart 30
authentication violation restrict
mab
mls qos trust device cisco-phone
mls qos trust cos
macro description AccessEdgeQoS
dot1x pae authenticator
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
end
show interface status:
Port Name Status Vlan Duplex Speed Type
Gi1/0/1 notconnect 3 auto auto 10/100/1000BaseTX
Gi1/0/2 connected 3 a-full a-1000 10/100/1000BaseTX
Gi1/0/3 connected 3 a-full a-1000 10/100/1000BaseTX
Gi1/0/4 connected 3 a-full a-1000 10/100/1000BaseTX
Gi1/0/5 notconnect 3 auto auto 10/100/1000BaseTX
Gi1/0/6 connected 3 a-full a-1000 10/100/1000BaseTX
02-15-2019 07:53 AM
Hello,
copy the port configuration, then default the interface, than paste the configuration back:
2960X(config)#default interface GigabitEthernet1/0/6
02-15-2019 08:01 AM
Went into vlan 1 after default the port, and went right back to vlan 3 after I pasted the config back.
02-15-2019 09:05 AM
are you using dot1x authentication?
is it possible dot1x is reassigning the vlan based on the devices authentication?
02-15-2019 09:53 AM
Looks like it. I removed all the dot1x on my port, and it worked fine.
I can't seem to find out where.
aaa authentication login default local
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
!
interface GigabitEthernet1/0/6
switchport access vlan 42
switchport mode access
srr-queue bandwidth share 1 30 35 5
priority-queue out
authentication control-direction in
authentication event fail action authorize vlan 99
authentication event server dead action authorize vlan 42
authentication event no-response action authorize vlan 42
authentication event server alive action reinitialize
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication timer restart 30
authentication violation restrict
mab
mls qos trust device cisco-phone
mls qos trust cos
macro description AccessEdgeQoS
dot1x pae authenticator
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
aaa session-id common
02-15-2019 10:08 AM
I am not very familiar with configuring Dot1x authentication, and without more of you config cant parse it out. Dot1x usually uses a radius server to provide the port based authentication. Looks like you should have a group called "radius" that handles it
02-15-2019 09:52 AM
What if you default the port and reload the switch ?
02-19-2019 05:24 AM - edited 02-19-2019 05:27 AM
Hi Joe,
Change the interface to the default interface by using the following interface command and reconfigure the interface to VLAN 42.
Switch(config)#default interface gigabitEthernet 0/0/X
if the issue still persists, shut down the interface and change it to default and reconfigure it.
BR,
Khaleelur Rahman
02-22-2019 07:06 AM
We finally figured out why this was happening.
The reason was the switch was authenticating with a Windows NPS server, which was assigning vlan ID (vlan 3) for every authenticated connection.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: