Default VLAN Dot1x Radius

S4mrai
New Contributor

Hello, 

We run a bunch of 7450 and 7250 in switching mode and set up an NPS (Windows RADIUS) with EAP-TLS cert auth like this:

authentication
 auth-mode multiple-untagged
 auth-default-vlan 160
 restricted-vlan 1002
 re-authentication
 auth-fail-action restricted-vlan
 dot1x enable
 dot1x enable ethe 1/1/39
 dot1x port-control auto ethe 1/1/39

radius-server host rad.ip.add.ress auth-port 1812 acct-port 1813 default key 2 mysecretkey dot1x

If I try to connect clients to our default VLAN (RADIUS returns U:Default-VLAN), I get the following error message: Parse error as VLAN-ID XXX is used as sys-def-vlan

Can I not use my default VLAN for dot1x RADIUS auth? If so, is there a way on ICX to move all ports from one VLAN to another?

3 REPLIES

Yarenis
Moderator

Hi @S4mrai 

It seems that VLAN 160 is your default VLAN, which by the way cannot be the same VLAN for authentication with 802.1x; that's the conflict you are getting.

Best regards,

Yarenis Hernández

Technical Support Engineer | L2 TAC Wired

S4mrai
New Contributor

My default VLAN is 1 in this scenario, not 160. Sorry, I left that out.

Hi @S4mrai 

I would advise opening a case with the TAC so we can assist you, check the whole configuration, and do possible debugging.

Best regards,

Yarenis Hernández

Technical Support Engineer | L2 TAC Wired