Radius, config port to TRUNK when connecting switch

TeaSp00n
Level 1

Hello everybody.

This is my first post here, hoping this is the right forum.

We are running RADIUS (802.1x) on our switches, for example one Cat3750E.
Authentication is working OK for computers, but we are having problems when we want to connect a smaller switch in one office.
The problem is that we can't get the 3750E (or the RADIUS server) to understand that there is a switch connected, and that the port now needs to go to TRUNK instead of an ordinary VLAN.
And when the switch is disconnected, the port needs to go back to e.g. VLAN 1, because of Linux's .1q ability to connect to a TRUNK port and access everything.

Can somebody help me with this?


Best Regards
Sindre

6 Replies

CSCO11832637
Level 1

Hi Sindre,

I don't exactly understand your problem.

What are the two switches that you connect?

Is your trunk going up (sh interface trunk)?

Can you give us the conf of your interface connecting the new switch and the sh interface trunk result?

Thank you.

-Guillaume


OK, I'll try to explain a bit better:

We have a lot of switches (3750E and other types of Cisco) running.

Every office has 2 CAT6-contacts in the wall.

Let's say user X has VLAN 100 on contact 1 and VLAN 200 on contact 2.

If X needs 3 computers in his office, he is 1 contact short, and needs to connect a switch.

When the user receives the small switch, he removes the computer in plug 1 and uses this contact for the switch.

THIS is where the problem comes in:

When he connects the switch to contact 1, contact 1 needs to go to TRUNK, so he can have whatever VLAN he wants on his small switch.

We are having problems configuring RADIUS so that it "understands" that "this is a small switch, not a computer, so I have to set the port to TRUNK".

And when the small switch is removed again, RADIUS has to set the port back to VLAN 1 or something like that.

I don't remember exactly what type of office switches we are going to use. (5 ports, around the size of a laptop, Cisco)

Hope this explains it better.

Best regards,

Sindre

Hello,

Have a look at the config doc:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_35_se/configuration/guide/sw8021x.html

It states:

The IEEE 802.1x authentication with VLAN assignment feature is not supported on trunk ports, dynamic ports, or with dynamic-access port assignment through a VMPS.

Can you trunk your VLANs to the new switch and enable 802.1x on the new switch ports?

hth

andy

If I connect the small switch to port 5 on the 3750E, and configure port 5 as TRUNK, I can configure 802.1x on the small switch and everything is working like a charm.

The only thing I can't figure out how to do is get the port to automatically go to TRUNK when a switch is connected.

The reason that this can't be done manually is that not every user we have reports to us that he has switched office. And we can't have an open port with TRUNK enabled, for "everyone" to connect what they want.

Please ask if you don't understand what I mean, my English is not 100%.

BR
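
Added example, not part of any poster's message or of Cisco's documentation: a small Python audit for the exposure raised above, flagging ports left in trunk or dynamic mode and access ports without 802.1x enforcement. The sample config is constructed, the function names and the uplink allow-list are hypothetical, and an interface with no `switchport mode` line is assumed to be able to negotiate a trunk.

```python
import re
# Constructed sample running-config (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 dot1x port-control auto
!
interface GigabitEthernet1/0/5
 switchport mode trunk
!
interface GigabitEthernet1/0/6
 switchport mode access
!
interface GigabitEthernet1/0/7
 switchport mode dynamic desirable
!
interface GigabitEthernet1/0/48
 switchport mode trunk
!
"""
MODE = "switchport mode "

def parse_interfaces(config):
    """Map each interface name to its indented sub-commands (IOS-style text)."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    return interfaces

def audit(config, allowed_trunks=()):
    """Flag ports that are or may become trunks, and access ports without 802.1x."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        mode = ([c[len(MODE):] for c in cmds if c.startswith(MODE)] or ["unset"])[-1]
        if mode != "access":
            if name not in allowed_trunks:  # known uplinks are expected to trunk
                findings[name] = f"mode {mode}: can trunk, no 802.1x VLAN assignment"
        elif "dot1x port-control auto" not in cmds:
            findings[name] = "access port without dot1x port-control auto"
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, {"GigabitEthernet1/0/48"}))
```

Run against a saved running-config, passing the known uplinks as the allow-list; anything reported in an office-facing range is a port where a tagging host could reach VLANs it was never assigned.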

Hope I have explained lysrør OK. Didn't think this would be a problem for you guys :)

Explained myself OK!

Stupid Apple-crap!