Hi,
We are currently tasked with implementing a dynamic VLAN assignment network infrastructure based on Dell Switch models 5548p and 8024F. In our setup we will be rolling out two 8024s, one of which will be used as our router and the other one for live-migration. Furthermore, six 5548s will be used as layer 2 switches in order to connect the Ethernet clients in our LAN.
Currently we are working with one 5548 and one 8024 as our test setup. The plan calls for several VLANs in order to limit the access of certain AD user groups to specific network resources. Thus far the setup runs in a lab environment, and all roles necessary for dynamic VLAN assignment have been successfully installed and configured. We want to use dot1x authentication with a RADIUS server that runs on WS2012. The configured policies of our NPS server have been successfully checked with NTRadPing and include all parameters necessary for dynamic VLAN assignment according to the Dell 5548 manual (e.g. Tunnel-Medium-Type: 802; Tunnel-Pvt-Group-ID: 10; Tunnel-Type: VLAN).
However, we are not seeing any requests from clients attached to port 0/21 of the 5548 arriving at our RADIUS server. Please help us find the possible errors or misconfigurations in our current setup.
Thanks in advance.
Config 5548
console# show running-config
! 5548 global settings as posted: VLAN list, voice-VLAN OUI table, 802.1X,
! iSCSI, DHCP relay, RADIUS, logging, AAA method lists, local user and SNMP.
vlan database
vlan 10,15,20,25,30,35,45,50,60,100
exit
voice vlan oui-table add 000181 Nortel__________________
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 001049 Shoretel________________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00907a Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
! Turns 802.1X on globally; the per-port behaviour is set under
! interface gigabitethernet1/0/21.
dot1x system-auth-control
iscsi target port 860 address 0.0.0.0
iscsi target port 3260 address 0.0.0.0
iscsi target port 9876 address 0.0.0.0
iscsi target port 20002 address 0.0.0.0
iscsi target port 20003 address 0.0.0.0
iscsi target port 25555 address 0.0.0.0
! DHCP requests are relayed to 10.10.10.22, the same host that is configured
! as the RADIUS server.
ip dhcp relay address 10.10.10.22
ip dhcp relay enable
! RADIUS server 10.10.10.22; requests are sourced from 10.10.10.2, which is
! the address on interface vlan 1 of this switch.
! NOTE(review): the NPS side needs a RADIUS client entry for that source
! address with the same shared secret - worth confirming, since the report
! is that no requests are seen at the server.
! NOTE(review): the shared secret appears in clear text here and in the 8024
! listing. Once posted it should be treated as disclosed and replaced with a
! long random value on both switches and on the server.
radius-server host 10.10.10.22 key password_01 source 10.10.10.2
radius-server key password_01
radius-server retransmit 10
radius-server source-ip 10.10.10.2
! Debug-severity logging to the buffer, the console and the log file; useful
! while testing, normally lowered afterwards.
logging buffered debugging
logging console debugging
logging file debugging
! The login list "VLAN Radius" and the default 802.1X list both name RADIUS
! as their only method; no fallback method is listed for either.
aaa authentication login "VLAN Radius" radius
aaa authentication dot1x default radius
! Local privilege-15 account; the poster has masked the stored password.
username admin password encrypted ****************************** privilege 15
! NOTE(review): read-write SNMP community with the DefaultSuper view, posted
! in full. SNMPv1/v2c community strings are not encrypted on the wire; treat
! this one as disclosed, and prefer SNMPv3 or a read-only community limited
! to the management station.
snmp-server community Dell_Network_Manager rw view DefaultSuper
!
! VLAN interfaces on the 5548. Only VLAN 1 carries an IP address; the other
! entries only assign names (VLAN 60 also gets the guest-VLAN role).
! NOTE(review): the switch is managed on VLAN 1 (10.10.10.2/16) although a
! separate Management VLAN 100 is defined - presumably a later move is
! planned; confirm.
interface vlan 1
ip address 10.10.10.2 255.255.0.0
!
interface vlan 10
name Consulting
!
interface vlan 15
name "Consulting Server"
!
interface vlan 20
name Info
!
interface vlan 25
name "Info Server"
!
interface vlan 30
name "Global Services"
!
interface vlan 35
name "Global Server"
!
interface vlan 45
name "Global Web Server"
!
interface vlan 50
name Printer
!
! VLAN 60 is marked as the 802.1X guest VLAN, i.e. the VLAN intended for
! clients that have not authenticated on ports with guest-vlan enabled.
interface vlan 60
name Guest
dot1x guest-vlan
!
interface vlan 100
name Management
!
! Port 21 is the only port in this output with 802.1X settings: port-control
! auto, multi-sessions host mode, guest VLAN enabled, periodic
! reauthentication, RADIUS-supplied VLAN attributes accepted, and no static
! access VLAN.
! NOTE(review): whether the guest VLAN and RADIUS-assigned VLANs can be
! combined with multi-sessions host mode depends on the 5548 firmware -
! check the manual for the supported combinations.
interface gigabitethernet1/0/21
dot1x host-mode multi-sessions
dot1x guest-vlan enable
dot1x max-req 10
dot1x reauthentication
dot1x radius-attributes vlan
dot1x port-control auto
switchport access vlan none
!
! Port 31 has PVID 100 (Management) and no dot1x lines in this output, so it
! is presumably not subject to 802.1X - confirm that this is intended.
interface gigabitethernet1/0/31
switchport general pvid 100
!
! Both 10G ports are trunks; no allowed-VLAN list is shown, so which VLANs
! they carry cannot be told from this output.
interface tengigabitethernet1/0/1
switchport mode trunk
!
interface tengigabitethernet1/0/2
switchport mode trunk
!
! Default route via 10.10.10.1, the VLAN 1 address in the 8024 listing.
ip route 0.0.0.0 0.0.0.0 10.10.10.1
Config 8024:
Default settings:
Service tag: *******
SW version 4.1.0.10 (date 18-Mar-2013 time 13:43:04)
Gigabit Ethernet Ports
=============================
no shutdown
speed 1000
duplex full
negotiation
flow-control on
mdix auto
no back-pressure
interface vlan 1
interface port-channel 1 - 32
spanning-tree
spanning-tree mode RSTP
qos basic
qos trust cos
eee enable
console#
console#show running-config
!Current Configuration:
!System Description "Powerconnect 8024F, 5.0.1.3, VxWorks 6.6"
!System Software Version 5.0.1.3
!Cut-through mode is configured as disabled
!
! 8024F VLAN definitions and stack membership. The VLAN IDs match the list
! configured on the 5548.
configure
vlan 10,15,20,25,30,35,45,50,60,100
exit
! VLANs 10 and 20 also carry an IP-subnet association.
! NOTE(review): presumably this classifies untagged traffic by source
! subnet. That depends on an address the client itself configures, so it
! should not be relied on as an access control alongside 802.1X - confirm
! whether it is still wanted.
vlan 10
name "Consulting"
vlan association subnet 10.1.0.0 255.255.0.0
exit
vlan 15
name "Consulting Server"
exit
vlan 20
name "Info"
vlan association subnet 10.20.0.0 255.255.0.0
exit
vlan 25
name "Info Server"
exit
vlan 30
name "Global Services"
exit
vlan 35
name "Global Server"
exit
vlan 45
name "Global Web Server"
exit
vlan 50
name "Print"
exit
vlan 60
name "Guest"
exit
vlan 100
name "Management"
exit
stack
member 1 2 ! PC8024F
exit
! Layer 3 settings of the 8024F: one ACL, IP routing, the DHCP helper and a
! routed interface with a /16 address for every VLAN.
! NOTE(review): the ACL "test" permits all IP traffic and is not shown bound
! to any interface. With ip routing enabled and an address on every VLAN,
! traffic between the VLANs is routed freely unless restrictive ACLs are
! applied, so VLAN assignment alone does not limit which resources a user
! group can reach.
access-list test permit ip any any
ip routing
! DHCP broadcasts are forwarded to 10.10.10.22, the host also used as the
! RADIUS server.
ip helper-address 10.10.10.22 dhcp
interface vlan 1
ip address 10.10.10.1 255.255.0.0
exit
interface vlan 10
ip address 10.1.0.1 255.255.0.0
exit
interface vlan 15
ip address 10.15.0.1 255.255.0.0
exit
interface vlan 20
ip address 10.20.0.1 255.255.0.0
exit
interface vlan 25
ip address 10.25.0.1 255.255.0.0
exit
interface vlan 30
ip address 10.30.0.1 255.255.0.0
exit
interface vlan 35
ip address 10.35.0.1 255.255.0.0
exit
interface vlan 45
ip address 10.45.0.1 255.255.0.0
exit
! The guest VLAN is routed like every other VLAN.
! NOTE(review): confirm that guests are meant to reach the internal subnets.
interface vlan 60
ip address 10.60.0.1 255.255.0.0
exit
interface vlan 100
ip address 10.100.0.1 255.255.0.0
exit
! Credentials, 802.1X/AAA, RADIUS server, trunk ports and SNMP engine ID of
! the 8024F.
! NOTE(review): the admin user and the enable password (further down) carry
! the same 32-hex-digit value, so they share one password. The length is
! consistent with an unsalted MD5 digest, and this particular value is
! widely listed in public hash lookup tables. Treat both credentials as
! disclosed and set distinct, strong passwords.
username "admin" password 5f4dcc3b5aa765d61d8327deb882cf99 privilege 15 encrypted
! NOTE(review): the "monitor" keyword presumably selects 802.1X monitor mode
! (results logged, not enforced). Plain "dot1x system-auth-control" and an
! "aaa authentication dot1x" method list do not appear in this output -
! confirm against the 8024 CLI reference whether that is intended.
dot1x system-auth-control monitor
! Network authorization via RADIUS - presumably what lets the switch apply
! RADIUS-supplied VLAN attributes; confirm.
aaa authorization network default radius
! Same RADIUS server as on the 5548. No source address is set here, and the
! shared secret is again in clear text (see the note on disclosure above the
! username line).
radius-server host auth 10.10.10.22
name "Default-RADIUS-Server"
key "password_01"
exit
!
! Te1/0/1 and Te1/0/4 are trunks; no allowed-VLAN list is shown.
interface Te1/0/1
switchport mode trunk
exit
!
interface Te1/0/4
switchport mode trunk
exit
snmp-server engineid local 800002a203d067e59f1265
enable password 5f4dcc3b5aa765d61d8327deb882cf99 encrypted
exit
console#