cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2467
Views
0
Helpful
2
Replies

Cat 3750 Switch: Dynamic vlan assignment

Difan Zhao
Level 5
Level 5

Hey guys,

I am trying to configure 802.1x on the switch and authenticate users against a Radius server. My radius server is FreeRadius running on Redhat. The authentication works fine but the switch just doesn't take the VLAN assigned by the server. I captured the packets between the server 172.17.1.1 and the switch 172.17.254.100. The cap file is attached here. Can anybody please verify that all the attributes are there and are all correct?

The client laptop is running Windows XP and it's using EAP-MD5. The laptop in on port F1/0/1. Here is the configuration on the switch:

aaa new-model

aaa authentication dot1x default group radius none

aaa authorization network default group radius none

!

interface FastEthernet1/0/1
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x violation-mode protect
dot1x reauthentication
dot1x guest-vlan 17
dot1x auth-fail vlan 18
spanning-tree portfast

!

radius-server host 172.17.1.1 auth-port 1812 acct-port 1813 key xxxxxx

!

I also tried to debug dot1x errors and there is no output so I guess there is no errors... Any advise is appreciated! Thank you!

2 Replies 2

kush.sri2001
Level 1
Level 1

Hi,

Please run the following debugs:

- debug dot1x all

- debug radius

- debug aaa authentication

these debugs would tell us if the radius server is sending the response and if the switch is accepting it.

Regards,

Kush

Hey Kush, thanks for reply! I did those debugs and I will upload them here. In the debug radius the output is saying that unknow cisco AVP type. I think the switch just doesn't like the Freeradius's attributes. I think what I will do is that I will setup ACS server (with the evaluation software) and configure it to dynamically assign vlan and use the wireshark to watch the attributes sent by the server and adjust my Freeradius setting accordingly and see if that helps...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: