Hi,
I've tried assigning a VLAN via Radius, and I don't want/need to do fully fledged EAP (802.1x) but only MAC-based auth/MAB.
One of the messages I got was:
Time Stamp..................................... Apr 13 2017 18:04:21
Result Age..................................... 0 days, 1 hours, 33 minutes, 9 seconds
Interface...................................... Gi1/0/1
MAC-Address.................................... 001E.330B.7554
VLAN Assigned.................................. 1
VLAN Assigned Reason........................... Default Assigned VLAN
Filter Name....................................
Auth Status.................................... Authorized
Reason......................................... Authentication Successful, VLAN Assignment Feature Not Present for a MAB Client.
I found out that the VLAN is correctly assigned ("Dot1x Radius Authentication Successful for a MAB Client") if I configure Radius to perform an EAP dialog.
Why would EAP be necessary in order to get VLAN assignment via Radius to work?
Radius returns all necessary items (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-Id), there is no need to add EAP for that.
Bye,
Jammac
PS. Here's my current config:
authentication enable
dot1x system-auth-control
aaa authentication dot1x default radius
aaa authorization network default radius
radius-server host 1.2.3.4
key 123
usage 802.1x
int range gi 1/0/1-46
switchport mode general
dot1x port-control mac-based
dot1x reauthentication
dot1x max-users 4
dot1x mac-auth-bypass
authentication order mab
authentication priority mab
exit