05-18-2009 02:42 AM - edited 03-12-2019 05:38 PM
Hi all,
I'm unable to dinamically pass the Radius attribute , about assigned vlan, to 802.1x clients.
I'm sure that everything is well configured but the only way to do it is configuring these attributes directly on user or group properties.
When i try to pass these attributes by appliction of a Shared RAC (acs 4.2) or NAP (ACS 5.0) the only message that i can find on the switch, where the vlan has to be configured, is:
dot1x-ev:Received VLAN is No Vlan
dot1x-ev:Received VLAN Id -1
The user is still authenticated successfully ( and all the profiles correctly assigned) but remain in the vlan statically configured on the interface.
The logic is working, but transmission do not.
Is this a bug ?
05-24-2009 05:44 PM
test the authentication again.If is still fails, set the logging to full on the ACS server using:
Also Check if you are running another RADIUS product on the same server as the ACS services and the same decryption was being used.Reset shared key on switch and radius server.
05-25-2009 01:39 AM
Hi,
Dont'know if that was solved by the Patch 5-0-0-21-5, or by the reconfiguration of the NAP.
But now it is working, i think it was a misunderstanding about the use of NAP.
I've modified the "Default network access" adding and exception for the Guest group and i've created a new "Guest Profile".
Now the user is really inserted in the right profile, and so the exact vlan has been passed to the switch.
Thanks of your answer
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: