Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
621
Views
0
Helpful
2
Replies

Acs and Dynamic vlan assignment problem

gseadmins
Level 1
Level 1

‎05-18-2009 02:42 AM - edited ‎03-12-2019 05:38 PM

Hi all,

I'm unable to dinamically pass the Radius attribute , about assigned vlan, to 802.1x clients.

I'm sure that everything is well configured but the only way to do it is configuring these attributes directly on user or group properties.

When i try to pass these attributes by appliction of a Shared RAC (acs 4.2) or NAP (ACS 5.0) the only message that i can find on the switch, where the vlan has to be configured, is:

dot1x-ev:Received VLAN is No Vlan

dot1x-ev:Received VLAN Id -1

The user is still authenticated successfully ( and all the profiles correctly assigned) but remain in the vlan statically configured on the interface.

The logic is working, but transmission do not.

Is this a bug ?

Labels:
0 Helpful
2 Replies 2

mchin345
Level 6
Level 6

‎05-24-2009 05:44 PM

test the authentication again.If is still fails, set the logging to full on the ACS server using:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_tech_note09186a00800afec1.shtml#setting_acs

Also Check if you are running another RADIUS product on the same server as the ACS services and the same decryption was being used.Reset shared key on switch and radius server.

0 Helpful

gseadmins
Level 1
Level 1
In response to mchin345

‎05-25-2009 01:39 AM

Hi,

Dont'know if that was solved by the Patch 5-0-0-21-5, or by the reconfiguration of the NAP.

But now it is working, i think it was a misunderstanding about the use of NAP.

I've modified the "Default network access" adding and exception for the Guest group and i've created a new "Guest Profile".

Now the user is really inserted in the right profile, and so the exact vlan has been passed to the switch.

Thanks of your answer

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents