Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAC 802.1x: VLAN assignment via RADIUS

I'm deploy a 802.1x NAC solution. Users authenticate ok but the VLAN is not assigned to the port.

The RADIUS server send the attributes to the NAD (switch 3560). I see the following lines in the radius debug output:

02:49:08: RADIUS: Received from id 1645/4, Access-Accept, len 267

02:49:08: RADIUS: authenticator AB 90 94 95 D0 86 04 E5 - D3 AC 43 21 C0 31 29 EB

02:49:08: RADIUS: Session-Timeout [27] 6 3600

02:49:08: RADIUS: Termination-Action [29] 6 1

02:49:08: RADIUS: Tunnel-Type [64] 6 01:Unsupported [13]

02:49:08: RADIUS: Tunnel-Medium-Type [65] 6 01:Unsupported [6]

02:49:08: RADIUS: Tunnel-Private-Group[81] 10 01:"healthy"

02:49:08: RADIUS: Vendor, Cisco [26] 29

02:49:08: RADIUS: Cisco AVpair [1] 23 "posture-token=Healthy"

I suppose that the error appears because the attributes 64 and 65 are "Unsupported". Is it right?

In RADIUS server I configure:

attribute 64 = VLAN (13)

attribute 65 = 802 (6)

Below I attach switch configuration. The "healthy" vlan is configured in this one.

Any help would be appreciated.

Thanks and regards.


New Member

Re: NAC 802.1x: VLAN assignment via RADIUS

I change the IOS and all work fine. The IOS must have the feature "NAC - L2 IEEE 802.1x".

Other user has the same problem, he posted the question with the following subject: "NAC L2 802.1x VLAN assignment".In this question the problem is better described.