Multiple Vlan assigment in Free radius server with Cisco Nexus Switch.

[deepak rawat]

Hi,

Our Cisco switch -3548X on version 9.3.2 is having a dot1x port based feature is enabled and connected to a free radius server for authentication. We are trying to give the multiple Vlan in the Free radius server user file so that Cisco can allow our two Vlan 1968 and Vlan1969.

We are trying the below configuration in user file of freeradius server where we are giving the two Vlan but the cisco Auth vlan is coming as default.
> 
>  
> Free radius user file config for Cisco switch
> 
> E23D213926.XXX.com Cleartext-Password := "54321"
> Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802,
> Tunnel-Private-Group-ID = "1968,1969"
> 
>  
> Cisco Dot1x output
> 
> Dot1x Info for Ethernet1/11
> -----------------------------------
> PAE = AUTHENTICATOR
> PortControl = AUTO
> HostMode = MULTI HOST
> ReAuthentication = Enabled
> QuietPeriod = 60
> ServerTimeout = 30
> SuppTimeout = 30
> ReAuthPeriod = 3600 (Locally configured)
> ReAuthMax = 2
> MaxReq = 2
> TxPeriod = 30
> RateLimitPeriod = 0
> InactivityPeriod = 0
> Mac-Auth-Bypass = Disabled
> 
> Dot1x Authenticator Client List
> -------------------------------
> Supplicant = 58:45:4C:E7:B3:42
> Domain = DATA
> Auth SM State = AUTHENTICATED
> Auth BEND SM State = IDLE
> Port Status = AUTHORIZED
> Authentication Method = EAP
> Authenticated By = Remote Server
> ReAuthPeriod = 3600
> ReAuthAction = Reauthenticate
> TimeToNextReauth = 2639
> Auth-Vlan = 1
> 
>  
> If we give only one Vlan1968 then our setup is working but our node which need a authentication from cisco/free radius has a two vlan 1968 and 1969 , So we are not able to reach the default GW of 1969 vlan if we put only one vlan assignment in Radius server.
> 
> So can anyone know how to set the two vlan in free radius server and in which pattern in user file as it is quite complicated.
>  
> Regadrs,
> 
> Deepak Rawat
> 
> 
>