This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Default VLAN Dot1x Radius

S4mrai
New Contributor

‎11-13-2022 11:49 PM

Hello, 

we run a bunch of 7450 and 7250 in Switching mode and Setup a NPS ( Windows Radius ) with eap-tls cert auth like this:

authentication
 auth-mode multiple-untagged
 auth-default-vlan 160
 restricted-vlan 1002
 re-authentication
 auth-fail-action restricted-vlan
 dot1x enable
 dot1x enable ethe 1/1/39
 dot1x port-control auto ethe 1/1/39

radius-server host rad.ip.add.ress auth-port 1812 acct-port 1813 default key 2 mysecretkey dot1x

If I try to connect clients to our default VLAN ( Radius returns U:Default-VLAN ) I get the following error message:   Parse error as VLAN-ID XXX is used as sys-def-vlan

Can I not use my Default VLAN for dot1x radius auth ? If so is there a way on ICX to move all ports from one VLAN to another ?

 

 

 

 

0 Kudos
3 REPLIES 3

Yarenis
Moderator
Moderator

‎11-14-2022 03:31 PM

Hi @S4mrai 

It seems that VLAN 160 is your default VLAN, which by the way cannot be the same VLAN for authentication with 802.1x,that's the conflict you are getting.

Best regards,

Yarenis Hernández

Technical Support Engineer | L2 TAC Wired

0 Kudos

S4mrai
New Contributor
In response to Yarenis

‎11-15-2022 06:56 AM

my Default VLAN is 1 in this scenario not 160 sorry I left that out

0 Kudos

Yarenis
Moderator
Moderator
In response to S4mrai

‎11-15-2022 08:04 AM

Hi @S4mrai 

I will advise opening a case with the TAC, so we can assist you, check the all configuration a possible debugging.

 

Best regards,

Yarenis Hernández

Technical Support Engineer | L2 TAC Wired

0 Kudos
Copyright © 2024 Khoros, LLC