
Dynamic VLAN assignment of 802.1X on CBS350 switch doesn't work

Gavin Lu
Level 1

Hi there,

 

I have a CBS350 switch (CBS350-24T-4G) and want to enable the Dynamic VLAN assignment feature in 802.1X, but it failed strangely.

 

Switch: CBS350-24T-4G (firmware: 3.0.0.69)

RADIUS server: freeradius 3.0.26 on Ubuntu 20.04

 

If I disable the RADIUS VLAN Assignment feature and just enable 802.1X port control type "Auto" on Access type ports, it works perfectly fine.

 

If I enable RADIUS VLAN Assignment "Reject", and enable 802.1X port control type "Auto" on General type ports with Ingress Filtering "on", VLAN 150 is created on the switch, I can only get a failure message like "%SEC-W-SUPPLICANTUNAUTHORIZED: username userxxx with MAC xxxxx was rejected on port gi7 because Radius accept message does not contain VLAN ID".

 

But freeradius actually returns the VLAN ID, as shown below when tested with radtest.


Received Access-Accept Id 76 from xx to xx length 37
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "150"

 

Btw, if I switch to the internal RADIUS server embedded in the CBS350 switch, I get another error message "%SEC-W-SUPPLICANTUNAUTHORIZED: username xxx with MAC xxx was rejected on port gi7 due to wrong user name or password in Radius server"

and "%RADIUSSERVER-N-AUTHFAILURE: Authentication Failure, User: xxx, dot1x; NAS: xxx; Reason: Not supported EAP Method".

 

What could be the root cause of the problem?

 

Thanks,

 

Gavin
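
Added example (not part of the original post, and not Cisco or FreeRADIUS code): radtest sends a plain non-EAP request by default, so the reply it prints is not necessarily the Access-Accept the switch receives at the end of the 802.1X exchange; this parser checks a captured Access-Accept for the three RFC 3580 VLAN attributes listed above. The packet bytes are constructed to match the radtest summary in the post (Id 76, length 37) with a zeroed authenticator as a placeholder, and all function and constant names are assumptions.

```python
import struct

# Attribute numbers from RFC 2868; values from RFC 3580 (Tunnel-Type VLAN=13, medium 802=6)
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
ACCESS_ACCEPT, VLAN, IEEE_802 = 2, 13, 6

def parse_attributes(packet: bytes):
    """Return (code, [(type, value_bytes), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad Length field")
    attrs, pos = [], 20
    while pos < length:
        # Each attribute is Type (1 byte), Length (1 byte, covers both), Value
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad or truncated attribute")
        a_type, a_len = packet[pos], packet[pos + 1]
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs

def vlan_from_accept(packet: bytes):
    """VLAN ID string if an Access-Accept carries the RFC 3580 triplet, else None."""
    code, attrs = parse_attributes(packet)
    if code != ACCESS_ACCEPT:
        return None
    found = {}
    for a_type, value in attrs:
        if a_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            found[a_type] = int.from_bytes(value[1:], "big")  # byte 0 is the tag
        elif a_type == TUNNEL_PRIVATE_GROUP_ID and value:
            # RFC 2868: a first byte <= 0x1F is a tag, otherwise it is string data
            text = value[1:] if value[0] <= 0x1F else value
            found[a_type] = text.decode("ascii", "replace")
    if found.get(TUNNEL_TYPE) == VLAN and found.get(TUNNEL_MEDIUM_TYPE) == IEEE_802:
        return found.get(TUNNEL_PRIVATE_GROUP_ID) or None
    return None

# Constructed sample: Access-Accept, Id 76, length 37, untagged group id "150"
SAMPLE_WITH_VLAN = (bytes([2, 76, 0, 37]) + bytes(16)
                    + bytes([64, 6, 0, 0, 0, 13]) + bytes([65, 6, 0, 0, 0, 6])
                    + bytes([81, 5]) + b"150")
# Constructed sample: Access-Accept that carries no tunnel attributes at all
SAMPLE_WITHOUT_VLAN = bytes([2, 77, 0, 20]) + bytes(16)
```

Feed it the raw RADIUS payload of the final Access-Accept from a capture taken on the server during a real supplicant login; `None` means the VLAN triplet is absent or incomplete in that packet.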

 

1 Reply

Gavin Lu
Level 1

Btw, if I switch to the internal RADIUS server embedded in the CBS350 switch, I get another error message "%SEC-W-SUPPLICANTUNAUTHORIZED: username xxx with MAC xxx was rejected on port gi7 due to wrong user name or password in Radius server"

and "%RADIUSSERVER-N-AUTHFAILURE: Authentication Failure, User: xxx, dot1x; NAS: xxx; Reason: Not supported EAP Method".
