Hi,

thanks for the reply. The authentication of the user works fine, and I see the RADIUS server passing the VLAN info to the switch. But the debug dot1x output on the switch says: no VLAN.

Do you know the tags and values I have to use on the radius server? Thanks!!

Regards,

Tom

did you put the correct vlan name, no vlan id, but the actual name.

Hello I've successed in that. here is config enough to run it properly:

aaa new-model

aaa authentication dot1x default group radius

aaa authorization network default group radius

aaa authorization configuration default group radius

!

dot1x timeout quiet-period 20

!

!

interface FastEthernet0/2

switchport mode access

no ip address

dot1x port-control auto

spanning-tree portfast

!

On the ACS in IETF Radius attributes

[064] tag1 VLAN

[065] tag1 802

[081] tag1 11 (note, not vlan name)

It must work

for 81 tag 1, I'm using vlan name adm2, and it works fine, although still having problems with microsoft client and dhcp, should have a patch from microsoft in a couple of weeks.

I have the same problem.I've tried all possible methods to dynamically assign ip address to aaa

clients, but it doesn't want to work. Debugging shows that, ip address assigned either to client itself or to group client belongs to, passed successfully to the switch. What then ?:(

microsoft put out a patch today, I'm going to test it this week, it is supposed to renew ip address after user authenticates.

Mike, I search through Microsoft website but can't find the patch when you mentioned. Can you help to paste out the name and url of the patch? Thanks

just emailed microsoft, they said it isn't being released until tested, but if you contact microsoft support, they can give you the hot fix, or email me at jschooley@csc.com

anything in particular? ACS is fairly easy, set the 3 attributes that it mentions in all the docs, and use external nt database. If you are using login scripts, roaming profiles, or just about anything that you would use in real network environment, you will need to use active directory, enable machine authentication, add a certificate to the local machine store, add a registry value called Supplicant Mode and set the value to 3, then add the microsoft hotfix. I will post the microsoft article reference number as soon as email starts working

I trunk the cisco 2950 with our core switch so I given the IP as 192.168.188.28, I assign this ip with the key name cisco use it as cisco (ITEF) am I right here

I've a active directory which work fine on my wireless network with EAP-TLS & PEAP. But I cant figure out on 802.1x on point to point setting please advise , which micorsoft patch should I patch

Thanks

Regards

Mc

have you set up the AAA commands and the radius server on the switch yet?

Can U advise Please, which site provide step for me to follow thanks

Regards

MC