Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Acs and Dynamic vlan assignment problem

Hi all,

I'm unable to dinamically pass the Radius attribute , about assigned vlan, to 802.1x clients.

I'm sure that everything is well configured but the only way to do it is configuring these attributes directly on user or group properties.

When i try to pass these attributes by appliction of a Shared RAC (acs 4.2) or NAP (ACS 5.0) the only message that i can find on the switch, where the vlan has to be configured, is:

dot1x-ev:Received VLAN is No Vlan

dot1x-ev:Received VLAN Id -1

The user is still authenticated successfully ( and all the profiles correctly assigned) but remain in the vlan statically configured on the interface.

The logic is working, but transmission do not.

Is this a bug ?

2 REPLIES
Silver

Re: Acs and Dynamic vlan assignment problem

test the authentication again.If is still fails, set the logging to full on the ACS server using:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_tech_note09186a00800afec1.shtml#setting_acs

Also Check if you are running another RADIUS product on the same server as the ACS services and the same decryption was being used.Reset shared key on switch and radius server.

New Member

Re: Acs and Dynamic vlan assignment problem

Hi,

Dont'know if that was solved by the Patch 5-0-0-21-5, or by the reconfiguration of the NAP.

But now it is working, i think it was a misunderstanding about the use of NAP.

I've modified the "Default network access" adding and exception for the Guest group and i've created a new "Guest Profile".

Now the user is really inserted in the right profile, and so the exact vlan has been passed to the switch.

Thanks of your answer

351
Views
0
Helpful
2
Replies
CreatePlease to create content