Ping a Specific Port

Question

Bryan

Asked: 2010-09-06 02:52:47 +0800 CST2010-09-06 02:52:47 +0800 CST 2010-09-06 02:52:47 +0800 CST

Need help getting Dynamic VLAN Assignment working with RADIUS and Dell PowerConnect 3524

772

I'm attempting to get Dynamic VLAN Assignment working on a number of Dell PowerConnect 3524 switches.

I've got a two RADIUS servers, both of which I've proved to be working using radtest on Linux.

One of the servers (Priority 0) is hosted on the network management VLAN (TekRADIUS running on Windows), and the second (Priority 1) is located on another VLAN (FreeRADIUS on Linux).

I can't seem to convince the switches to actually perform an authentication against either of the RADIUS servers however.

Network Comms between the switch and RADIUS servers has been proven using ping from the switch CLI.

My switch configuration is as follows, can anyone spot anything I've missed?

interface range ethernet all
spanning-tree portfast
exit
interface range ethernet e(1-24)
dot1x multiple-hosts authentication
exit
interface ethernet g1
switchport mode trunk
exit
vlan database
vlan 2-5,9-11
exit
interface ethernet g1
switchport trunk allowed vlan add 2
exit
interface ethernet g1
switchport trunk allowed vlan add 3
exit
interface ethernet g1
switchport trunk allowed vlan add 4
exit
interface ethernet g1
switchport trunk allowed vlan add 5
exit
interface ethernet g1
switchport trunk allowed vlan add 9
exit
interface ethernet g1
switchport trunk allowed vlan add 10
exit
interface ethernet g1
switchport trunk allowed vlan add 11
exit
interface vlan 2
name netman
exit
interface vlan 3
name lt-sys
exit
interface vlan 4
name pub-sys
exit
interface vlan 5
name lt-clients
exit
interface vlan 9
name lt-voip
exit
interface vlan 10
name lt-print
exit
interface vlan 11
name lt-wifi
exit
dot1x system-auth-control
interface range ethernet e(1-24)
dot1x radius-attributes vlan
exit
interface range ethernet e(1-24)
dot1x port-control auto
exit
interface vlan 2
ip address 10.58.2.7 255.255.255.0 
exit
hostname sw-3-1
radius-server host 10.58.2.128 key switch usage dot1.x 
radius-server host 10.58.3.132 key switch priority 1 usage dot1.x 
aaa authentication dot1x default radius 
username bryan password password-hash-was-here level 15 encrypted
ip domain-name liketechnologies.local
ip name-server  10.58.3.32 10.58.3.33

1 Answers

Voted

Bryan · Answer 1 · 2010-09-08T22:56:55+08:00

I've managed to resolve this now (or mostly). The ports are being correctly assigned to VLANs as a result of RADIUS authentication, however for some reason after the device gets assigned an IP address from our DHCP server, no other traffic is forwarded.

I've probably just got my VLAN routing wrong, or I'm not correctly passing VLAN traffic on the trunk ports.

For anyone else finding this via google my (mostly) working config is as follow:

interface range ethernet all
spanning-tree portfast
exit
interface range ethernet e(1-24)
dot1x multiple-hosts authentication
exit
interface range ethernet g(1-4)
switchport mode trunk
exit
vlan database
vlan 2-6,9-11
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 2
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 3
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 4
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 5
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 6
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 9
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 10
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 11
exit
interface vlan 2
name netman
exit
interface vlan 3
name lt-sys
exit
interface vlan 4
name pub-sys
exit
interface vlan 5
name lt-clients
exit
interface vlan 6
name guest
exit
interface vlan 9
name lt-voip
exit
interface vlan 10
name lt-print
exit
interface vlan 11
name lt-wifi
exit
interface vlan 6
dot1x guest-vlan
exit
dot1x system-auth-control
interface range ethernet e(1-24)
dot1x re-authentication
exit
interface range ethernet e(1-24)
dot1x max-req 3
exit
interface range ethernet e(1-24)
dot1x mac-authentication mac-and-802.1x
exit
interface range ethernet e(1-24)
dot1x radius-attributes vlan
exit
interface range ethernet e(1-24)
dot1x port-control auto
exit
interface range ethernet e(1-24)
dot1x guest-vlan enable 
exit
interface vlan 2
ip address 10.58.2.99 255.255.255.0 
exit
hostname sw-1-2
radius-server host 10.58.2.128 key switch priority 2 
radius-server host 10.58.3.132 key switch priority 1 
aaa authentication dot1x default radius 
username bryan password password-hash-was-here level 15 encrypted
clock source sntp
sntp server 10.58.3.128 poll
ip domain-name liketechnologies.local
ip name-server  10.58.3.32 10.58.3.33

Need help getting Dynamic VLAN Assignment working with RADIUS and Dell PowerConnect 3524

Ping a Specific Port

How do I tell Git for Windows where to find my private RSA key?

How do you restart php-fpm?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Resolve host name from IP address

How can I sort du -h output by size

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?