
New Member

VLAN Assignment by Radius Server on 3550 switch


Need some advice out there. Currently I am using an Odyssey RADIUS to perform the authentication and the VLAN assignment. From the Cisco websites, I knew that I need to set the tunnel-type, tunnel-medium and the tunnel-private-id on my RADIUS attribute to push down the VLAN ID to the switch. In addition, my switch needs to have the command "aaa authorization network..." in order to receive the attribute.

But somehow it is not working. The user authentication and dot1x is working fine, but the VLAN is always assigned to the vlan_id that is configured on the port.

Has anybody out there experienced this before?



Re: VLAN Assignment by Radius Server on 3550 switch

I'm sure you read this, but can you double-check the RADIUS for the following:

To configure VLAN assignment you need to perform these tasks:

• Enable AAA authorization.

• Enable IEEE 802.1x authentication (the VLAN assignment feature is automatically enabled when you configure IEEE 802.1x authentication on an access port).

• Assign vendor-specific tunnel attributes in the RADIUS server. The RADIUS server must return these attributes to the switch:

    • [64] Tunnel-Type = VLAN

    • [65] Tunnel-Medium-Type = IEEE 802

    • [81] Tunnel-Private-Group-ID = VLAN name or VLAN ID

Attribute [64] must contain the value VLAN (type 13). Attribute [65] must contain the value IEEE 802 (type 6). Attribute [81] specifies the VLAN name or VLAN ID assigned to the IEEE 802.1x-authenticated user.

And if you have not already, look at the following link:

Please rate all posts.
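
An added example (not part of the original thread or of Cisco's documentation): a Python check that parses a captured RADIUS Access-Accept and confirms the three attributes listed in the reply above are present and encoded as described. The packet layout follows RFC 2865 and RFC 2868; the function names and the sample packets are constructed for illustration.

```python
import struct

ACCESS_ACCEPT = 2
# (attribute number, name, required value) as listed in the reply above
REQUIRED = ((64, "Tunnel-Type", 13), (65, "Tunnel-Medium-Type", 6))
PRIVATE_GROUP_ID = 81

def parse_attributes(packet):
    """Return {type: value} for a RADIUS Access-Accept (20-byte header, then TLVs)."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    attrs, pos = {}, 20
    while pos < length:
        a_len = packet[pos + 1] if pos + 1 < length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError(f"malformed attribute at offset {pos}")
        attrs.setdefault(packet[pos], packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs

def check_vlan_assignment(packet):
    """Return (vlan_string_or_None, problems) for one Access-Accept."""
    attrs, problems, vlan = parse_attributes(packet), [], None
    for num, name, want in REQUIRED:
        value = attrs.get(num)
        if value is None:
            problems.append(f"[{num}] {name} missing")
        # RFC 2868 layout: one tag octet, then a 3-octet integer
        elif len(value) != 4 or int.from_bytes(value[1:], "big") != want:
            problems.append(f"[{num}] {name} is not {want}")
    raw = attrs.get(PRIVATE_GROUP_ID, b"")
    text = raw[1:] if raw and raw[0] <= 0x1F else raw  # first octet <= 0x1F: tag
    if text:
        vlan = text.decode("ascii", "replace")  # sent as a string: "30" or "VLAN_30"
    else:
        problems.append(f"[{PRIVATE_GROUP_ID}] Tunnel-Private-Group-ID missing or empty")
    return vlan, problems

def build_accept(attrs):
    """Build a constructed Access-Accept (zeroed authenticator) for the demo."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples, not captured traffic
GOOD = build_accept([(64, b"\x00\x00\x00\x0d"), (65, b"\x00\x00\x00\x06"), (81, b"VLAN_30")])
NO_MEDIUM = build_accept([(64, b"\x00\x00\x00\x0d"), (81, b"30")])
```

Calling `check_vlan_assignment()` on the raw UDP payload of an Access-Accept taken from a packet capture returns the VLAN string the server sent and a list of any attributes that are missing or carry the wrong value.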

New Member

Re: VLAN Assignment by Radius Server on 3550 switch


Yes, I did look at the above link and performed whatever you had mentioned. But one question on the Private Group ID: if I have a VLAN 30 configured on the switch and named it "VLAN_30", I can input it as "30" or "VLAN_30", right? This field is input as a string, not an integer.