Hi
I'm trying to configure UNP to redirect a device to the vlan 92 but it's not working.
My port is set as mobile.
When I connect the device to that port it goes directly to the default vlan.
Do I need a RADIUS server or 802.1x to do this?
I used the following commands to do this.
aaa user-network-profile name "management" vlan 92
aaa classification-rule mac-address xx:xx:xx:xx:xx:xx user-network-profile name management
Thanks in advance for your help.
User Network Profile
Re: User Network Profile
if you use classification-rule you don't need radius server. But you have to activate 802.1x at the mobile ports. Than for non-supplicants there must an entry group-mobility for checking the rules.
vlan port mobile 1/1
vlan port 1/1 802.1x enable
802.1x 1/1 non-supplicant policy group-mobility
regards
Silvio
vlan port mobile 1/1
vlan port 1/1 802.1x enable
802.1x 1/1 non-supplicant policy group-mobility
regards
Silvio
Re: User Network Profile
Thanks for your answer Silvio. I tried it with a radius server and it worked great.
Now I have another problem, I'm trying to make a supplicant authentication to assign a user to a UNP but even if I pass the authentication it doesn't assign me the profile.
This is the line I'm using.
802.1x 1/1 supplicant policy authentication pass group-mobility block fail captive-portal
To verify that the authentication was working I assigned the pass condition to the vlan 93 and it worked. The line I used is below.
802.1x 1/1 supplicant policy authentication pass vlan 93 block fail captive-portal
On my radius the user is specified as following:
user Cleartext-Password := "test"
Filter-id = "test-profile"
When I do this with mac authentication (non-supplicant) it works perfectly with the profiles created for the mac address.
Thanks again for your help
Now I have another problem, I'm trying to make a supplicant authentication to assign a user to a UNP but even if I pass the authentication it doesn't assign me the profile.
This is the line I'm using.
802.1x 1/1 supplicant policy authentication pass group-mobility block fail captive-portal
To verify that the authentication was working I assigned the pass condition to the vlan 93 and it worked. The line I used is below.
802.1x 1/1 supplicant policy authentication pass vlan 93 block fail captive-portal
On my radius the user is specified as following:
user Cleartext-Password := "test"
Filter-id = "test-profile"
When I do this with mac authentication (non-supplicant) it works perfectly with the profiles created for the mac address.
Thanks again for your help
Re: User Network Profile
if you have configured the unp "test-profile" it should work.
for troubleshooting
> show aaa-device all-user
> aaa test-radius-server.... there you can see your returned filter-id
for troubleshooting
> show aaa-device all-user
> aaa test-radius-server.... there you can see your returned filter-id
Re: User Network Profile
It finally worked. It resulted to be that it needed some additional configuration in the radius server.
Thanks
Thanks