ICX7250 authenticated Session is Cleared[Termination-Cause: Host-Moved]

scottshotgg
New Contributor

Hi,

I have an ICX7250-48P (version SPR 8095m) that is exhibiting some strange behavior with RADIUS and I am unsure if it is my configuration or if this is how MAC Auth is expected to work on the ICX line. For reference, I have configured RADIUS before and am currently using another server for a few wireless access points we have. For testing purposes, I was going to point all clients to the default guest VLAN (50) using the DEFAULT in RADIUS. The ICX receives this and changes the port over but then immediately terminates the session which thrashes the clients back and forth between the blackhole VLAN (default: 666) and the default guest VLAN (50). This basically makes the switch unusable since no traffic can get through. I will post my auth config, logs, and RADIUS config below as well. It would be much appreciated if there was anyone out there that could provide any bit of help!

 

Thank you,

Scott

 

RADIUS config:

# Default to VLAN 50
DEFAULT Auth-Type := Accept
	Tunnel-Type = "VLAN",
	Tunnel-Medium-Type = "IEEE-802",
	Tunnel-Private-Group-Id = "50",
	Reply-Message = "Hello, %u"

 

show run auth

authentication
 auth-order mac-auth dot1x
 auth-default-vlan 666
 max-sessions 1024
 reauth-timeout 0
 mac-authentication enable
 mac-authentication enable ethe 1/1/12 ethe 1/1/48
 mac-authentication password-format xx:xx:xx:xx:xx:xx
 mac-authentication dot1x-disable
!


show logging:

Nov 12 20:36:10:N:FLEXAUTH: Port 1/1/12 is deleted from Dynamic Vlan 50 as mac-vlan member
Nov 12 20:36:10:N:FLEXAUTH: Port 1/1/12 is added into Auth-Default Vlan 666 as mac-vlan member
Nov 12 20:36:10:N:MACAUTH: port 1/1/12 mac c8f7.50fb.0ec4 vlan 50: authenticated Session is Cleared[Termination-Cause: Host-Moved]
Nov 12 20:36:09:N:MAC Authentication succeeded for [c8f7.50fb.0ec4 50] on port 1/1/12
Nov 12 20:36:09:N:FLEXAUTH: Port 1/1/12 is deleted from Auth-Default Vlan 666 as mac-vlan member
Nov 12 20:36:09:N:FLEXAUTH: Port 1/1/12 is added into Dynamic Vlan 50 as mac-vlan member
Nov 12 20:36:09:N:MACAUTH: Port 1/1/12 Mac c8f7.50fb.0ec4 - received AAA-ACCEPT
Nov 12 20:36:09:C:MACAUTH: RADIUS server 10.32.0.1 Accepted for c8f7.50fb.0ec4 with (U:50 )
Nov 12 20:36:09:N:MACAUTH: port 1/1/12 mac c8f7.50fb.0ec4 vlan 666: Session is created
Nov 12 20:36:08:N:FLEXAUTH: Port 1/1/12 is deleted from Dynamic Vlan 50 as mac-vlan member
Nov 12 20:36:08:N:FLEXAUTH: Port 1/1/12 is added into Auth-Default Vlan 666 as mac-vlan member
Nov 12 20:36:08:N:MACAUTH: port 1/1/12 mac c8f7.50fb.0ec4 vlan 50: authenticated Session is Cleared[Termination-Cause: Host-Moved]
Nov 12 20:36:07:N:MAC Authentication succeeded for [c8f7.50fb.0ec4 50] on port 1/1/12
Nov 12 20:36:07:N:FLEXAUTH: Port 1/1/12 is deleted from Auth-Default Vlan 666 as mac-vlan member
Nov 12 20:36:07:N:FLEXAUTH: Port 1/1/12 is added into Dynamic Vlan 50 as mac-vlan member
Nov 12 20:36:07:N:MACAUTH: Port 1/1/12 Mac c8f7.50fb.0ec4 - received AAA-ACCEPT
Nov 12 20:36:07:C:MACAUTH: RADIUS server 10.32.0.1 Accepted for c8f7.50fb.0ec4 with (U:50 )
Nov 12 20:36:07:N:MACAUTH: port 1/1/12 mac c8f7.50fb.0ec4 vlan 666: Session is created
Nov 12 20:36:05:N:FLEXAUTH: Port 1/1/12 is deleted from Dynamic Vlan 50 as mac-vlan member
Nov 12 20:36:05:N:FLEXAUTH: Port 1/1/12 is added into Auth-Default Vlan 666 as mac-vlan member
Nov 12 20:36:05:N:MACAUTH: port 1/1/12 mac c8f7.50fb.0ec4 vlan 50: authenticated Session is Cleared[Termination-Cause: Host-Moved]
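
The auth/clear loop in the log above can be measured with a short script. This is an added example, not part of the original post: the regexes are written against the log lines shown, and the 5-second lifetime threshold, the 2-cycle minimum and the placeholder year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample: lines taken from the "show logging" output in the post (newest first).
SAMPLE = """\
Nov 12 20:36:10:N:MACAUTH: port 1/1/12 mac c8f7.50fb.0ec4 vlan 50: authenticated Session is Cleared[Termination-Cause: Host-Moved]
Nov 12 20:36:09:N:MAC Authentication succeeded for [c8f7.50fb.0ec4 50] on port 1/1/12
Nov 12 20:36:09:N:MACAUTH: port 1/1/12 mac c8f7.50fb.0ec4 vlan 666: Session is created
Nov 12 20:36:08:N:MACAUTH: port 1/1/12 mac c8f7.50fb.0ec4 vlan 50: authenticated Session is Cleared[Termination-Cause: Host-Moved]
Nov 12 20:36:07:N:MAC Authentication succeeded for [c8f7.50fb.0ec4 50] on port 1/1/12
Nov 12 20:36:05:N:MACAUTH: port 1/1/12 mac c8f7.50fb.0ec4 vlan 50: authenticated Session is Cleared[Termination-Cause: Host-Moved]
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d):\w:(.*)$")
OK = re.compile(r"MAC Authentication succeeded for \[([0-9a-f.]+) (\d+)\] on port (\S+)")
CLEARED = re.compile(r"MACAUTH: port (\S+) mac ([0-9a-f.]+) vlan (\d+): authenticated "
                     r"Session is Cleared\[Termination-Cause: ([^\]]+)\]")

def parse(text):
    """Return (time, kind, port, mac, detail) events in chronological order."""
    events = []
    for raw in reversed(text.strip().splitlines()):  # the switch prints newest first
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")  # year is a placeholder
        if (ok := OK.search(m.group(2))):
            events.append((ts, "ok", ok.group(3), ok.group(1), ok.group(2)))
        elif (cl := CLEARED.search(m.group(2))):
            events.append((ts, "cleared", cl.group(1), cl.group(2), cl.group(4)))
    return sorted(events, key=lambda e: e[0])  # stable sort keeps order within one second

def find_flaps(text, max_lifetime=5, min_cycles=2):
    """Flag (port, mac) pairs whose sessions are cleared within max_lifetime seconds of success."""
    last_ok, cycles = {}, defaultdict(list)
    for ts, kind, port, mac, detail in parse(text):
        key = (port, mac)
        if kind == "ok":
            last_ok[key] = ts
        elif key in last_ok:  # a clear with no earlier success in the capture is ignored
            life = (ts - last_ok.pop(key)).total_seconds()
            if life <= max_lifetime:
                cycles[key].append((life, detail))
    return {k: v for k, v in cycles.items() if len(v) >= min_cycles}

if __name__ == "__main__":
    for (port, mac), hits in find_flaps(SAMPLE).items():
        print(f"{port} {mac}: {len(hits)} short-lived sessions, causes={sorted({c for _, c in hits})}")
```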

5 REPLIES

scottshotgg
New Contributor

I have upgraded to SPS8095p and it is still exhibiting the same issues.

scottshotgg
New Contributor

For some reason it is also adding tagged traffic to the VLAN instead of untagged like I had expected. If I manually set untagged on a VLAN everything works fine.

jdryan
Moderator

Hi Scott,

Based on the issue, could you let us know if there are 2 clients connecting on the interface, as in an IP phone and a PC after the phone?

And during the auth cycle, does one of the devices get authenticated first, but when the second one comes in, the termination happens for connected peers?

Do let us know.

scottshotgg
New Contributor

Hi @jdryan,

Thank you for responding.

To answer - no, that port runs straight through to an Ethernet port connected to a Linux PC. I have also tried various other auth modes such as multi-host, multi-untagged, etc. just to see if those would solve it.