This is certainly because both VLANs are usually untagged, and the switch allows just one untagged VLAN pub per-port.VLAN 150 - VLAN which I get now, because my config is definitely not working.Its odd, nothing can be stated about any attributed associated to VLAN.After that it drops back to Authorized VLAN set up for Port-Accéss Authenticator if authéntication succeeds.
If that can be not present it assigns Untagged VLAN configured on the slot. It appears every resource relates to TunneI-Pvt-Group-ld instead (configuring on Microsoft). IIRC, this would tell the change to use 150 for authenticated devices unless it will get a different value from RADIUS. Without this, I suspect it will simply use the set up port value. Not posting as an reply because I was functioning off memory space and it often fails nowadays. I would like it to assign a VLAN depending on what consumer authenticates. Auth-vid comes 2nd in concern after RADIUS (which doesnt work). If no Auth-vid will be set, then it will indeed select set up untagged VLAN. Ive just repeated your config, and have got no complications with this. My test procurve ip 10.0.10.29, check freeradius ip 192.168.2.60. Fri Sep 5 12:54:14 2014: Auth: Login Alright: testuser (from client switch port 0 via TLS tunnel). Fri Sep 5 12:54:14 2014: Auth: Login Okay: testuser (from client switch interface 1 cli w4-99-ba-5a-bb-65). Fri Sep 5 12:56:06 2014: Auth: Login incorrect: sasdasd (from customer switch port 1 cli n4-99-ba-5a-bb-65). I notice you chose VLAN 100 as default untagged VLAN on the switchport youre trying to link to. I obtain an untagged VLAN set up on a switchpórt when I be successful. But what If you set untagged VLAN for your port to 1 and attempt to assign VLAN 100 via RADIUS Does that work for you Whát if I have got multiple various customers with different Tunnel-Private-Group-Id beliefs. MAC-auth functions great(slot pieces in any objective untagged vIan), but 8021x(or both with MAC-auth) not working - in any mixtures of everything that can end up being tuned;-) Sick try to do the same with another customer OS(not home windows), maybe this is certainly a essential. Furthermore, it looks very unusual, because i have got dumps of rádius-traffic, and ihmó, all text messages seems to be correct. Without this, it will simply use the set up port value and ignore any RADIUS offered VLAN projects.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |