However, as it is now, they will authenticate, but stay in the VLAN assigned on the port (unused VLAN). The way I'd seen/had this working before was that I could assign each port to an unused VLAN, and if it authenticated via MAB, the port would be assigned to the VLAN in Tunnel-Pvt-Group-ID.

Tunnel-Pvt-Group-ID 666 (or other vlan #)

They had a certificate on the PC and used a Huawei S5720-28X-PWR-SI-AC access switch and a RADIUS server in their topology. So far, they used a Cisco switch and connected. This applies to Netgear managed switches running firmware version 8.0.1.2 or later. On the NPS server side of things, I've got a connection request policy that looks like

Calling Station ID MACADDRESS1|MACADDRESS2|etc

This process removes the need to manually assign ports into VLANs.

On my switches I've got (w/ IPs etc changed)

dot1x system-auth-control
aaa authentication dot1x default group radius
address ipv4 1.1.1.1 auth-port 1645 acct-port 1646

I'd set this up on some NX-OS switches before, and believe I've got the same configuration now, but it's not working. So far, I've gotten MAB working, but not the dynamic VLAN portion. I'm wanting to set up MAB w/ dynamic VLANs on some 2960s using a Microsoft NPS server. Wasn't sure whether to put this in a Windows sub or here, so I'll start here.