02-15-2019 07:46 AM - edited 03-08-2019 05:21 PM
I am trying to change my own switch port from vlan 3 to vlan 42, but somehow the port is stuck on vlan 3 no matter what I do (shut, no shut, unplug the device etc.).
A 5-minute job has now turned into hours. Any help would be greatly appreciated.
This is a Cisco 2960X switch.
Port Configuration:
interface GigabitEthernet1/0/6
 switchport access vlan 42
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 authentication control-direction in
 authentication event fail action authorize vlan 99
 authentication event server dead action authorize vlan 42
 authentication event no-response action authorize vlan 42
 authentication event server alive action reinitialize
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication timer restart 30
 authentication violation restrict
 mab
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description AccessEdgeQoS
 dot1x pae authenticator
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
end
show interface status:
Port      Name   Status       Vlan  Duplex  Speed   Type
Gi1/0/1          notconnect   3     auto    auto    10/100/1000BaseTX
Gi1/0/2          connected    3     a-full  a-1000  10/100/1000BaseTX
Gi1/0/3          connected    3     a-full  a-1000  10/100/1000BaseTX
Gi1/0/4          connected    3     a-full  a-1000  10/100/1000BaseTX
Gi1/0/5          notconnect   3     auto    auto    10/100/1000BaseTX
Gi1/0/6          connected    3     a-full  a-1000  10/100/1000BaseTX
02-15-2019 07:53 AM
Hello,
Copy the port configuration, then default the interface, then paste the configuration back:
2960X(config)#default interface GigabitEthernet1/0/6
02-15-2019 08:01 AM
It went into vlan 1 after defaulting the port, and went right back to vlan 3 after I pasted the config back.
02-15-2019 09:05 AM
Are you using dot1x authentication?
Is it possible dot1x is reassigning the vlan based on the device's authentication?
02-15-2019 09:53 AM
Looks like it. I removed all the dot1x on my port, and it worked fine.
I can't seem to find out where.
aaa authentication login default local
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
!
interface GigabitEthernet1/0/6
 switchport access vlan 42
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 authentication control-direction in
 authentication event fail action authorize vlan 99
 authentication event server dead action authorize vlan 42
 authentication event no-response action authorize vlan 42
 authentication event server alive action reinitialize
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication timer restart 30
 authentication violation restrict
 mab
 mls qos trust device cisco-phone
 mls qos trust cos
 macro description AccessEdgeQoS
 dot1x pae authenticator
 auto qos voip cisco-phone
 spanning-tree portfast
 service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
aaa session-id common
02-15-2019 10:08 AM
I am not very familiar with configuring Dot1x authentication, and without more of your config I can't parse it out. Dot1x usually uses a radius server to provide the port based authentication. Looks like you should have a group called "radius" that handles it.
02-15-2019 09:52 AM
What if you default the port and reload the switch ?
02-19-2019 05:24 AM - edited 02-19-2019 05:27 AM
Hi Joe,
Change the interface to the default interface by using the following interface command and reconfigure the interface to VLAN 42.
Switch(config)#default interface gigabitEthernet 0/0/X
If the issue still persists, shut down the interface and change it to default and reconfigure it.
BR,
Khaleelur Rahman
02-22-2019 07:06 AM
We finally figured out why this was happening.
The reason was the switch was authenticating with a Windows NPS server, which was assigning vlan ID (vlan 3) for every authenticated connection.
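The following is an added example, not part of the original posts: a small check for the symptom this thread ended up diagnosing, namely a port with `authentication port-control auto` whose operational VLAN differs from its static `switchport access vlan`, which points at a VLAN pushed by the RADIUS policy. The function names are hypothetical and the sample input is constructed from the outputs quoted in the thread.

```python
import re

# Constructed sample input, modelled on the outputs quoted in the thread.
RUNNING_CONFIG = """\
interface GigabitEthernet1/0/5
 switchport access vlan 3
interface GigabitEthernet1/0/6
 switchport access vlan 42
 authentication event server dead action authorize vlan 42
 authentication port-control auto
"""
INTERFACE_STATUS = """\
Port      Name   Status       Vlan  Duplex  Speed   Type
Gi1/0/5          notconnect   3     auto    auto    10/100/1000BaseTX
Gi1/0/6          connected    3     a-full  a-1000  10/100/1000BaseTX
"""

def parse_config(text):
    """Map short port name -> {'vlan': static access VLAN, 'dot1x': bool}."""
    ports, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"interface GigabitEthernet(\S+)", line)
        if m:
            # A port with no 'switchport access vlan' line sits in VLAN 1.
            cur = ports.setdefault("Gi" + m.group(1), {"vlan": 1, "dot1x": False})
            continue
        if cur is None:
            continue
        stmt = line.strip()
        m = re.match(r"switchport access vlan (\d+)$", stmt)
        if m:
            cur["vlan"] = int(m.group(1))
        elif stmt == "authentication port-control auto":
            cur["dot1x"] = True
    return ports

def parse_status(text):
    """Map port -> operational VLAN for connected ports (Name may be empty)."""
    live = {}
    for line in text.splitlines():
        m = re.match(r"(Gi\S+)\s+(?:.*?\s)?connected\s+(\d+)\s", line)
        if m:
            live[m.group(1)] = int(m.group(2))
    return live

def overridden_ports(config_text, status_text):
    """802.1X ports whose live VLAN differs from the statically configured one."""
    cfg, live = parse_config(config_text), parse_status(status_text)
    return [(p, c["vlan"], live[p]) for p, c in sorted(cfg.items())
            if c["dot1x"] and p in live and live[p] != c["vlan"]]
```

Any port it returns should be checked against the network policy on the RADIUS server (the Windows NPS server in this thread) rather than against the switch configuration.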