I run into some when trying to use guess vlan in dot1x authentication. The client is able to grab an IP in the guess vlan;however, it can't go to the Internet. Client in the guess vlan is able to ping other vlan(different subnets). There is client port access below. This is not vlan issue as any host connected to the vlan, when not using dot1x guess_vlan, able to browse the Internet.! AND when I use the guess vlan as a simple access vlan, the client is able to go to the Internet.
interface FastEthernet0/12 switchport access vlan 165 switchport mode access dot1x port-control auto dot1x max-req 4 dot1x max-reauth-req 4 dot1x guest-vlan 161 ----> does grab IP from this vlan,but can't go to the Internet. dot1x reauthentication spanning-tree portfast !
802.1X_Test#sho dot1x int f0/12 Supplicant MAC <Not Applicable> AuthSM State = AUTHENTICATED(GUEST_VLAN) BendSM State = IDLE Posture = N/A ReAuthPeriod = 3600 Seconds (Locally Configured) ReAuthAction = Reauthenticate TimeToNextReauth = N/A PortStatus = AUTHORIZED(GUEST-VLAN) MaxReq = 4 MaxAuthReq = 4 HostMode = Single Port Control = Auto ControlDirection = Both QuietPeriod = 10 Seconds Re-authentication = Enabled ReAuthPeriod = 3600 Seconds ServerTimeout = 30 Seconds SuppTimeout = 30 Seconds TxPeriod = 15 Seconds Guest-Vlan = 161
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :