11-13-2022 11:49 PM
Hello,
We run a bunch of 7450 and 7250 in switching mode and set up an NPS (Windows RADIUS) with EAP-TLS cert auth like this:
authentication
 auth-mode multiple-untagged
 auth-default-vlan 160
 restricted-vlan 1002
 re-authentication
 auth-fail-action restricted-vlan
 dot1x enable
 dot1x enable ethe 1/1/39
 dot1x port-control auto ethe 1/1/39
radius-server host rad.ip.add.ress auth-port 1812 acct-port 1813 default key 2 mysecretkey dot1x
If I try to connect clients to our default VLAN (RADIUS returns U:Default-VLAN), I get the following error message: Parse error as VLAN-ID XXX is used as sys-def-vlan
Can I not use my default VLAN for dot1x RADIUS auth? If so, is there a way on ICX to move all ports from one VLAN to another?
11-14-2022 03:31 PM
Hi @S4mrai
It seems that VLAN 160 is your default VLAN, which by the way cannot be the same VLAN for authentication with 802.1x; that's the conflict you are getting.
Best regards,
Yarenis Hernández
Technical Support Engineer | L2 TAC Wired
11-15-2022 06:56 AM
My default VLAN is 1 in this scenario, not 160. Sorry, I left that out.
11-15-2022 08:04 AM
Hi @S4mrai
I would advise opening a case with the TAC, so we can assist you and check all the configuration and possible debugging.
Best regards,
Yarenis Hernández
Technical Support Engineer | L2 TAC Wired