Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
324
Views
0
Helpful
2
Replies

VLAN Assignment by Radius Server on 3550 switch

kianhowtan
Level 1
Level 1

‎07-13-2006 06:46 AM - edited ‎03-03-2019 04:02 AM

Hi,

Need some advise out there. Currently I am using a Oydessey Radius to perform the authentication and the vlan assignment. From the Cisco websites, I knew that I need to set the tunnel-type, tunnel-medium and the tunnel-private-id on my radius attribute to push down the VLAN ID to the switch. In addition, my switch needs to have the command "aaa authorization network..." in order to receive the attribute.

But somehow it is not working. The user authentication and dot1x is working fine, but the VLAN is always assign to the vlan_id that is configured on the port.

Anybody out there got experience this before?

Thanks

Labels:
0 Helpful
2 Replies 2

Roberto Salazar
Level 8
Level 8

‎07-13-2006 12:00 PM

I'm sure you read this but can you double check the Radius for the following:

To configure VLAN assignment you need to perform these tasks:

?Enable AAA authorization.

?Enable IEEE 802.1x authentication (the VLAN assignment feature is automatically enabled when you configure IEEE 802.1x authentication on an access port).

?Assign vendor-specific tunnel attributes in the RADIUS server. The RADIUS server must return these attributes to the switch:

?[64] Tunnel-Type = VLAN

?[65] Tunnel-Medium-Type = IEEE 802

?[81] Tunnel-Private-Group-ID = VLAN name or VLAN ID

Attribute [64] must contain the value VLAN (type 13). Attribute [65] must contain the value IEEE 802 (type 6). Attribute [81] specifies the VLAN name or VLAN ID assigned to the IEEE 802.1x-authenticated user.

And if you have not already look at the following link:

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225see/scg/swauthen.htm#wp1091725

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225see/scg/swauthen.htm#wp1091464

Please rate all posts.

0 Helpful

kianhowtan
Level 1
Level 1
In response to Roberto Salazar

‎07-13-2006 05:57 PM

Hi,

yes, I did look at the above link and perform whatever that u had mentioned. But one question on the Private Group ID, if I have a VLAN 30 configured on the switch and named it as "VLAN_30", I can input as "30" or "VLAN_30", rite? This field is input as string, not integer.

thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents