I have a windows 2003 server with AD and IAS configured. IAS uses AD for authentication. I have AAA login configured and working. I have AAA dot1x configured on the 3550 switch. IAS has a Wired Ethernet policy configured for PEAM and is send back attributes tunnel-type = VLAN, tunnel-medium-type = 802, and tunnel-pvt-group-id = 210. My XP supplicant has dot1x enabled and is authenticating through the switch and IAS.
Using Ethereal I can see the both the Radius request and accept packets. I can see that radius is sending the above attributes through ethereal as well. Using the Debug Radius command I can see that the attributes are getting to the switch. When I use the show VLAN command the switch port is still in VLAN 1. I want it to be in VLAN 210.
I have upgraded the IOS in the 3550 switch. This fixed a previous problem of the switch not sending the NAS port type of Ethernet. It as sending a port type of Asynch.
I also have service pack 2 on the Windows 2003 server.
Has anyone else had this problem? If so how do I fix it.
Here is my debug code:
06:56:45: RADIUS: Tunnel-Medium-Type  6 00:ALL_802 
06:56:45: RADIUS: Tunnel-Private-Group 5 "210"
06:56:45: RADIUS: Tunnel-Type  6 00:VLAN 
Here is my switch code:
aaa authentication login default group radius local
aaa authentication dot1x default group radius local
aaa session-id common
switchport mode access
dot1x pae authenticator
dot1x port-control auto
radius-server host 10.1.1.254 auth-port 1645 acct-port 1646 key test
radius-server deadtime 60