02-05-2018 03:16 AM - edited 02-21-2020 10:44 AM
Peace,
Whatever I do, I either can't get authenticated or get authenticated on the data VLAN.
Here is the relevant switch configuration:
aaa group server tacacs+ Great
aaa group server radius U-turn
aaa authentication dot1x default group U-turn
aaa authorization network default group U-turn group Great local
dot1x system-auth-control
interface GigabitEthernet1/0/28
description Experiment
switchport access vlan 24
switchport mode access
switchport voice vlan 23
authentication port-control auto
authentication host-mode multi-domain
authentication violation protect
dot1x pae authenticator
spanning-tree portfast
spanning-tree bpduguard enable
end
Here is the FreeRADIUS configuration which causes authentication on the data VLAN:
Reply attributes:
Tunnel-Medium-Type:1:=802
Tunnel-Private-Group-Id:1:=23
Check attributes:
Cleartext-Password:=communistssuck
Cisco-AVPair:=device-traffic-class=voice
Does anybody work for a money-loving government which, instead of upgrading ACS or getting ISE, forces you to innovate with FreeRADIUS?
Any idea what the correct attributes are or how to configure this?
02-12-2018 03:29 AM
The secret has been unmasked!
Reply attributes:
Cisco-AVPair="device-traffic-class=voice"
Tunnel-Medium-Type=802
Tunnel-Private-Group-Id=23
Check attributes:
Cleartext-Password:=communistssuck
Note the "=" and the ":=" accordingly.
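Added example, not part of the original thread: a small linter for the misplacement seen in the question, where Cisco-AVPair was a check item (handled on the server, not returned to the switch) instead of a reply item. It assumes the attributes live in a FreeRADIUS `users` file (check items on the first line, reply items on indented lines); the user names and password are constructed placeholders.

```python
import re

# attribute[:tag]  operator  value (quoted or bare)
ITEM = re.compile(r'([\w-]+(?::\d+)?)\s*(:=|==|\+=|=)\s*("[^"]*"|[^,\s]+)')
# Attributes from this thread that only take effect when sent in the Access-Accept.
REPLY_ONLY = {"Cisco-AVPair", "Tunnel-Medium-Type", "Tunnel-Private-Group-Id"}

# Constructed sample; user names and password are placeholders.
SAMPLE = '''
phone-broken Cleartext-Password := "example-secret", Cisco-AVPair := "device-traffic-class=voice"
    Tunnel-Medium-Type:1 = 802,
    Tunnel-Private-Group-Id:1 = 23

phone-fixed Cleartext-Password := "example-secret"
    Cisco-AVPair = "device-traffic-class=voice",
    Tunnel-Medium-Type = 802,
    Tunnel-Private-Group-Id = 23
'''

def _items(text):
    """Extract (attribute, operator, value) tuples, dropping surrounding quotes."""
    return [(a, op, v.strip('"')) for a, op, v in ITEM.findall(text)]

def parse_users(text):
    """Split users-file text into entries: check items first, indented reply items after."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():
            if entries:
                entries[-1]["reply"] += _items(line)
        else:
            parts = line.split(None, 1)
            rest = parts[1] if len(parts) > 1 else ""
            entries.append({"name": parts[0], "check": _items(rest), "reply": []})
    return entries

def lint(entries):
    """Return (user, attribute) pairs where a reply-only attribute sits in the check list."""
    return [(e["name"], a) for e in entries for a, _, _ in e["check"]
            if a.split(":")[0] in REPLY_ONLY]

def is_voice(entry):
    """True if the reply list carries device-traffic-class=voice for the switch."""
    return any(a.split(":")[0] == "Cisco-AVPair" and v == "device-traffic-class=voice"
               for a, _, v in entry["reply"])

if __name__ == "__main__":
    for e in parse_users(SAMPLE):
        print(e["name"], "voice domain:", is_voice(e), "misplaced:", lint([e]))
```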