Vlan 1 and 802.1x with MS NPS 2008R2

Roman Rathler
Occasional Visitor

Hi,

we are in the process of implementing 802.1x with dynamic VLAN assignment with MS NPS 2008R2 and a couple of ProCurve switches (8212zl, 5406zl, 3500).

A lot of things seem to work well:
- Radius Auth
- Assignment of VLANs

So clients do get assigned to the correct VLAN, BUT: If the assigned vlan is vlan 1, then there is no traffic being processed???

If there is any other vlan assigned, everything works out well. We had a 14.60 firmware running and upgraded to 15.05 - but this didn't make any change.

Maybe there is somebody who might have a clue, why vlan 1 might make a problem here!

regards,
Roman
3 REPLIES
cenk sasmaztin
Honored Contributor

Re: Vlan 1 and 802.1x with MS NPS 2008R2

please send me sh run print
cenk

Roman Rathler
Occasional Visitor

Re: Vlan 1 and 802.1x with MS NPS 2008R2

Hi,

here is the relevant config...

Best regards,
Roman

Running configuration:

; J9472A Configuration Editor; Created on release #K.15.02.0005

hostname "HV-IT2"
module 1 type J94ccA
module 2 type J94ddA
ip default-gateway 10.232.99.1
vlan 1
   name "AAAAA"
   untagged 1-48
   no ip address
   exit
vlan 99
   name "AdminLAN"
   ip address 10.232.99.211 255.255.255.0
   tagged 47-48
   exit
vlan 100
   name "BBBBBB"
   no ip address
   exit
vlan 23
   name "CCCCCCCC"
   no ip address
   exit
vlan 20
   name "DDDDDDDD"
   tagged 47-48
   no ip address
   exit
vlan 200
   name "EEEEEEEE"
   no ip address
   exit
vlan 102
   name "FFFFFFF"
   tagged 47-48
   no ip address
   exit
vlan 101
   name "GGGGGGGG"
   tagged 47-48
   no ip address
   exit
web-management ssl
ip authorized-managers 10.232.99.199 255.255.255.255 access manager
ip authorized-managers 10.232.253.64 255.255.255.224 access manager
ip ssh filetransfer
aaa accounting network start-stop radius
aaa authentication port-access eap-radius authorized
aaa port-access authenticator 1-45
aaa port-access authenticator 1 max-requests 5
aaa port-access authenticator 1 reauth-period 3600
aaa port-access authenticator 1 unauth-vid 20
aaa port-access authenticator 2 max-requests 5
aaa port-access authenticator 2 reauth-period 3600
aaa port-access authenticator 2 unauth-vid 20
aaa port-access authenticator 3 max-requests 5
aaa port-access authenticator 3 reauth-period 3600
aaa port-access authenticator 3 unauth-vid 20
aaa port-access authenticator active
aaa port-access 1 mixed
aaa port-access 2 mixed
aaa port-access 3 mixed
spanning-tree
spanning-tree legacy-path-cost
no tftp client
no tftp server
password manager
password operator

Roman Rathler
Occasional Visitor

Re: Vlan 1 and 802.1x with MS NPS 2008R2

Hi,

I missed the radius servers part of the config, but as I already mentioned, everything works besides the VLAN 1, if it was assigned via Radius. Also the switch shows authenticated, but no traffic is being processed there.

best regards,
Roman
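
Added example, not part of any post in this thread: a Python helper that summarises, per port, the static VLAN membership and the 802.1X authenticator settings found in a running-config like the one posted above, so ports that are configured differently stand out (in the posted config only ports 1-3 carry an unauth-vid). It assumes numeric port names and only the command forms that appear in that config; the function names are hypothetical.

```python
# Constructed excerpt, trimmed from the running-config posted in the thread.
SAMPLE = """\
vlan 1
   untagged 1-48
   exit
vlan 20
   tagged 47-48
   exit
aaa port-access authenticator 1-45
aaa port-access authenticator 1 unauth-vid 20
aaa port-access authenticator 2 unauth-vid 20
aaa port-access authenticator 3 unauth-vid 20
aaa port-access authenticator active
"""

def expand(spec):
    """Expand a numeric port list such as '1-3,47' into a set of ints."""
    ranges = (part.partition("-") for part in spec.split(","))
    return {p for lo, _, hi in ranges for p in range(int(lo), int(hi or lo) + 1)}

def audit(config):
    """Return (per-port summary dict, True if 802.1X is globally active)."""
    ports, vid, active = {}, None, False
    def entry(p):
        return ports.setdefault(p, {"untagged": [], "tagged": [], "dot1x": False, "unauth_vid": None})
    for words in (line.split() for line in config.splitlines()):
        if len(words) == 2 and words[0] == "vlan":
            vid = int(words[1])                    # entering a vlan stanza
        elif words == ["exit"]:
            vid = None
        elif vid is not None and len(words) == 2 and words[0] in ("untagged", "tagged"):
            for p in expand(words[1]):
                entry(p)[words[0]].append(vid)     # static membership
        elif words[:3] == ["aaa", "port-access", "authenticator"] and len(words) > 3:
            if words[3] == "active":
                active = True                      # global 802.1X enable
            elif len(words) == 4:
                for p in expand(words[3]):
                    entry(p)["dot1x"] = True       # port is an authenticator
            elif len(words) == 6 and words[4] == "unauth-vid":
                for p in expand(words[3]):
                    entry(p)["unauth_vid"] = int(words[5])
    return ports, active

def missing_unauth_vid(ports):
    """Authenticator ports that have no unauthorized-client VLAN configured."""
    return sorted(p for p, e in ports.items() if e["dot1x"] and e["unauth_vid"] is None)
```

Calling `audit()` on the full `show running-config` output works the same way, because lines it does not recognise are skipped.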