Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.


We are working on configuring a NAC Framework test network. We've got to the point where we can successfully evaluate and flag a client PC as healthy or quarantine and enable/disable it's switchport as appropriate. The next step that we are having a problem with is assigning the port to a VLAN, whatever we do the port always seems to stay in the default VLAN1. We've created additional VLANs for healthy and quarantined PCs but can't get the ports assigned whatever we try. We're pretty sure we are getting the syntax of the various settings in ACS correct as wherever possible we are using templates to create settings profiles and where no templates are available we've checked our settings very carefully.

The only error we can see is from a radius debug on the switch during the authentication process where it returns these messages:

03:48:39: dot1x-ev:Received VLAN is No Vlan

03:48:39: dot1x-ev:Received VLAN Id -1

There are several repeats of these during the debug.

Any ideas?

New Member

Re: ACS NAC and VLANs.

did you configure these 3 attributes? You must set them so that the VLAN ID/Name can be assigned correctly. And on the switch you must include AAA network too.

IETF 64 (Tunnel Type)Set this to VLAN

IETF 65 (Tunnel Medium Type) Set this to 802

IETF 81 (Tunnel Private Group ID)Set this to VLAN ID/name

Re: ACS NAC and VLANs.

Yes I had all those set but I have solved the problem! I'd upgraded IOS on the switch to the required version for NAC, executed the boot command to get it to boot the correct version but for some reason it didn't take effect. Took me a while to notice it was still running the old IOS.