Keywords: Voice VLAN, 802.1X authentication, dynamic VLAN, RADIUS, telephone

1. Device Model and Firmware

A telephone was connected to a CS83 switch and a voice VLAN was configured. The port where the telephone is connected was set as a hybrid port, allowing traffic from the voice VLAN to pass through untagged. Additionally, 802.1X authentication and dynamic VLAN were enabled on the port. The telephone successfully authenticated but failed to obtain an IP address. The show log output displays that no dynamic VLAN exists on the port.

Troubleshooting

1. Check the voice VLAN, RADIUS, and port configurations on the CS83 switch. The logs show successful authentication of the telephone, suggesting that the RADIUS configuration is correct. The issue is likely related to either the dynamic VLAN or the voice VLAN configuration. The port enabled with 802.1X can successfully learn the MAC address of the telephone.

2. Collect debug information and verify if traffic from the dynamic VLAN delivered by the RADIUS server is permitted on the port. The following debugging information is displayed. However, upon reconnecting the telephone to the CS83 switch, running the debug command yields no output. The dynamic VLAN delivered by the RADIUS server is not detected.

terminal mon
debug dot1x event
debug dot1x error
debug aaa all
debug radius all

Moreover, running the show dot1x summary command also yields no output.

3. Verify the configuration on the RADIUS server and perform packet capture and analysis. Packets captured from the RADIUS server show that the AVP (81) Tunnel-Private-Group-Id in the AVPs field is set to T:200. The value should be the dynamic VLAN ID or VLAN name. However, because the value contains characters, it is parsed as a VLAN name. No VLAN named T:200 exists locally on the switch. Therefore, traffic from the dynamic VLAN is not permitted on the port.

Note: The following figures show RADIUS packets with a VLAN ID delivered normally.

2. Root Cause

An incorrect dynamic VLAN value delivered by the RADIUS server prevents the switch from properly parsing the VLAN.

3. Solution

1. Modify the relevant RADIUS packet fields on the RADIUS server.

2. In this case, set the VLAN name on the switch to the corresponding value.

Ruijie(config)#vlan 10
Ruijie(config-vlan)#name XXX
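The parsing behaviour described in troubleshooting step 3, modelled as an added Python example (not Ruijie's code or switch firmware). The rule "all digits means VLAN ID, anything else means VLAN name" follows the description above; the function names and the VLAN tables are constructed for illustration.

```python
"""Model of how a Tunnel-Private-Group-ID value maps to a local VLAN.

Illustration only: the "digits = VLAN ID, otherwise VLAN name" rule is taken
from the article's description, not from switch source code.
"""

def decode_group_id(raw: bytes) -> str:
    """Return the string part of a Tunnel-Private-Group-ID (attribute 81) value."""
    if not raw:
        raise ValueError("empty Tunnel-Private-Group-ID")
    # RFC 2868: a first octet in 0x01-0x1F is a tag; an octet above 0x1F is
    # already the first character of the string ('T' in "T:200" is 0x54).
    if 0x01 <= raw[0] <= 0x1F:
        raw = raw[1:]
    return raw.decode("utf-8")

def resolve_dynamic_vlan(raw: bytes, local_vlans: dict):
    """Return (interpretation, vlan_id); vlan_id is None when nothing matches.

    local_vlans maps VLAN ID -> VLAN name (hypothetical stand-in for the
    switch's VLAN table).
    """
    text = decode_group_id(raw)
    if text.isascii() and text.isdigit():
        vid = int(text)
        return ("id", vid if vid in local_vlans else None)
    # Any non-digit character forces a lookup by VLAN name.
    for vid, name in local_vlans.items():
        if name == text:
            return ("name", vid)
    return ("name", None)

if __name__ == "__main__":
    # Constructed VLAN tables: before and after the "name" workaround.
    before = {1: "default", 10: "voice", 200: "data"}
    after = {1: "default", 10: "T:200", 200: "data"}
    cases = [
        ("server sends T:200, no VLAN has that name", b"T:200", before),
        ("server sends T:200, VLAN 10 named T:200", b"T:200", after),
        ("server corrected to send 200", b"200", before),
        ("server sends tag 0x01 followed by 200", b"\x01200", before),
    ]
    for label, raw, table in cases:
        print(f"{label:45} -> {resolve_dynamic_vlan(raw, table)}")
```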