IAS dot1x dynamic VLAN assignment not working

Unanswered Question

I have a windows 2003 server with AD and IAS configured. IAS uses AD for authentication. I have AAA login configured and working. I have AAA dot1x configured on the 3550 switch. IAS has a Wired Ethernet policy configured for PEAM and is send back attributes tunnel-type = VLAN, tunnel-medium-type = 802, and tunnel-pvt-group-id = 210. My XP supplicant has dot1x enabled and is authenticating through the switch and IAS.

Using Ethereal I can see the both the Radius request and accept packets. I can see that radius is sending the above attributes through ethereal as well. Using the Debug Radius command I can see that the attributes are getting to the switch. When I use the show VLAN command the switch port is still in VLAN 1. I want it to be in VLAN 210.

I have upgraded the IOS in the 3550 switch. This fixed a previous problem of the switch not sending the NAS port type of Ethernet. It as sending a port type of Asynch.

I also have service pack 2 on the Windows 2003 server.

Has anyone else had this problem? If so how do I fix it.

Here is my debug code:

06:56:45: RADIUS: Tunnel-Medium-Type [65] 6 00:ALL_802 [6]

06:56:45: RADIUS: Tunnel-Private-Group[81] 5 "210"

06:56:45: RADIUS: Tunnel-Type [64] 6 00:VLAN [13]

Here is my switch code:

aaa new-model

aaa authentication login default group radius local

aaa authentication dot1x default group radius local

aaa session-id common

interface FastEthernet0/1

switchport mode access

dot1x pae authenticator

dot1x port-control auto

radius-server host auth-port 1645 acct-port 1646 key test

radius-server deadtime 60

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion