Dot1x guest_vlan

Jul 29th, 2010

Hi Pros,

I run into some problems when trying to use guest VLAN in dot1x authentication. The client is able to grab an IP in the guest VLAN; however, it can't go to the Internet. A client in the guest VLAN is able to ping other VLANs (different subnets). The client port access config is below. This is not a VLAN issue, as any host connected to the VLAN, when not using dot1x guest_vlan, is able to browse the Internet. And when I use the guest VLAN as a simple access VLAN, the client is able to go to the Internet.

interface FastEthernet0/12
 switchport access vlan 165
 switchport mode access
 dot1x port-control auto
 dot1x max-req 4
 dot1x max-reauth-req 4
 ! client does grab an IP from this VLAN, but can't go to the Internet
 dot1x guest-vlan 161
 dot1x reauthentication
 spanning-tree portfast

802.1X_Test#sho dot1x int f0/12
Supplicant MAC <Not Applicable>
   BendSM State      = IDLE
   Posture           = N/A
   ReAuthPeriod      = 3600 Seconds (Locally Configured)
   ReAuthAction      = Reauthenticate
   TimeToNextReauth  = N/A
PortStatus        = AUTHORIZED(GUEST-VLAN)
MaxReq            = 4
MaxAuthReq        = 4
HostMode          = Single
Port Control      = Auto
ControlDirection  = Both
QuietPeriod       = 10 Seconds
Re-authentication = Enabled
ReAuthPeriod      = 3600 Seconds
ServerTimeout     = 30 Seconds
SuppTimeout       = 30 Seconds
TxPeriod          = 15 Seconds
Guest-Vlan        = 161


----Jean Paul

Phillip Remaker Mon, 08/02/2010 - 16:48

How are DHCP services being provided to VLAN 161? Are other devices on VLAN 161 working (that is, does the DHCP server provide the correct IP mask and default gateway)?

