Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1348
Views
0
Helpful
4
Replies

SG300 does not accept Cisco-Avpair device-traffic-class vor voice vlan and radius

Mar tin
Level 1
Level 1

‎04-15-2014 08:55 AM

Hello,

i am using a Cisco SG300MP router and want to authenticate a phone with MAB + use dynamic voice vlan. The phone should tag its packets in the correct voice lan that are received for this phone from the radius server via MAB. As radius server I used MS IAS and also Freeradius.

I can see in the wireshark trace that the correct attribute is sent in the "Access-Accept" Message.

AVP: l=34  t=Vendor-Specific(26) v=ciscoSystems(9)

VSA: l=28 t=Cisco-AVPair(1): device-traffic-class=voice

But Cisco does not set up a voice vlan (via lldp). Instead cisco writes in log:

%AAAEAP-W-RADIUSREPLY: Invalid attribute 26 ignored - vendor is is not Microsoft

and interprets the vlan attributes in radius as data vlan.

What I am doing wrong? The log messages makes no sense at all?

Regards Martin

 

Labels:
0 Helpful
4 Replies 4

Brandon Svec
Level 7
Level 7

‎04-15-2014 11:21 AM

Did you create your voice VLAN and turn it on?

 

i.e.

vlan database

vlan 100

exit

voice vlan id 100

 

besides that what type of phone are you using?

 

Did you look at show lldp neighbors output or maybe show cdp neighbors output?

 

It may be helpful to share your switch config too.

-- please remember to rate and mark answered helpful posts --
0 Helpful

Mar tin
Level 1
Level 1
In response to Brandon Svec

‎04-16-2014 07:42 AM

Hallo Brandon,

I attach the cisco config. Voice Vlan is 200 for default and I want to have 170 via dynamic vlan assignment.

I use a snom phone which correctly tags the default voice vlan 200 (before MAB). I expect now that the switch grants access via MAB and sends an LLDP with voice vlan 170. Instead he untags data 170.

In LLDP-Neighbours I see that the phone is recognized as Voice Device in Default Voice Vlan 200.

In the end I assume that maybe ths SG300 is not supported for dynamic voice vlan assignment via MAB? But why then this weird log message.

Regards Martin

 

Preview file
3 KB
0 Helpful

Brandon Svec
Level 7
Level 7
In response to Mar tin

‎04-16-2014 08:09 AM

I see.  I don't think I know enough about MAB to help you further.  I thought by dynamic VLAN assignment you were referring to how the phone gets its voice VLAN. I wanted to see if I could help ensure your phone was at least getting voice VLAN via lldp and it seems it is.

Don't give up though.  I did a quick search and saw this: http://www.cisco.com/c/en/us/products/collateral/switches/small-business-smart-switches/data_sheet_c78-610061.html

In the product specs table there is stated support for: Dynamic VLAN assignment via Radius server along with 802.1x client authentication

 

 

-- please remember to rate and mark answered helpful posts --
0 Helpful

Mar tin
Level 1
Level 1
In response to Brandon Svec

‎04-16-2014 10:25 AM

Hi,

 

phone gets the default voice vlan but not the dynamic voice via radius or lets say he ignores that this dynamic vlan is for voice.

 

"Dynamic VLAN assignment via Radius server along with 802.1x client authentication"

--> as see above it works wor data

He just ignores CiscoAVPair Attribute...even when its a cisco one...

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Switch products supported in this community
Cisco Business Product Family
  • CBS110
  • CBS220
  • CBS250
  • CBS350
Cisco Switching Product Family
  • 110
  • 200
  • 220
  • 250
  • 300
  • 350
  • 350X
  • 550X
Customers Also Viewed These Support Documents