Hi!
We got a Stack of 4 PowerConnect N3048. We are trying to set up port-authentication and dynamic vlan-assignment from radius.
Everything works like a charm unless we enable routing with "ip routing".
(Reboot is required between routing on/off! Is this behavior normal?)
With routing enabled radius authentication fails with the following error:
DOT1X[126721636]: dot1x_radius.c(237) 1547 %% Failed to authenticate on logical interface [ifName not found(1408)] due to radius comm failure.
Radius could be pinged from the cli of the switch. Radius is on the same subnet as VLAN1 Interface.
Our config:
!Current Configuration:
!System Description "Dell Networking N3048, 6.1.1.7, Linux 3.6.5-601418a5"
!System Software Version 6.1.1.7
!
configure
vlan 110
name "DMZ"
exit
vlan 120
name "Server"
exit
vlan 130
name "Drucker"
exit
vlan 140
name "VoIP"
exit
vlan 150
name "Entwicklung"
exit
vlan 160
name "Consulting"
exit
vlan 170
name "Gast"
exit
vlan 180
name "Privat"
exit
vlan 190
name "WLANtranport"
exit
vlan 200
name "Quarantine"
exit
vlan 110,120,130,140,150,160,170,180,190,200
exit
hostname "SW_CORE_STACK"
slot 1/0 3 ! Dell Networking N3048
slot 2/0 3 ! Dell Networking N3048
slot 3/0 3 ! Dell Networking N3048
slot 4/0 3 ! Dell Networking N3048
sntp server 192.168.0.1
clock timezone 1 minutes 0
stack
member 1 4 ! N3048
member 2 4 ! N3048
member 3 4 ! N3048
member 4 4 ! N3048
exit
ip name-server "192.168.0.29"
ip name-server "192.168.0.34"
ip routing
ip default-gateway 192.168.0.1
ip route 0.0.0.0 0.0.0.0 192.168.0.1 253
interface vlan 1
ip address 192.168.0.254 255.255.255.0
exit
interface vlan 110
exit
interface vlan 120
ip address 192.168.20.254 255.255.255.0
exit
interface vlan 130
ip address 192.168.30.254 255.255.255.0
exit
interface vlan 140
ip address 192.168.40.254 255.255.255.0
exit
interface vlan 150
ip address 192.168.50.254 255.255.255.0
ip helper-address 192.168.0.29
ip helper-address 192.168.0.34
exit
interface vlan 160
ip address 192.168.60.254 255.255.255.0
exit
interface vlan 180
ip address 192.168.80.254 255.255.255.0
exit
username "xyz" password 751fe0167e5f2f7d86f25b6c739d9965 privilege 15 encrypted
aaa authentication login "defaultList" local
aaa authentication login "networkList" radius
dot1x system-auth-control
aaa authentication dot1x default radius
aaa authorization network default radius
radius-server source-ip 192.168.0.254
radius-server key "radiuskey"
radius-server host auth 192.168.0.51
primary
name "vm-NARadiusServer1"
usage 802.1x
key "radiuskey"
exit
radius-server host auth 192.168.0.52
primary
name "vm-NARadiusServer2"
usage 802.1x
key "radiuskey"
exit
line ssh
login authentication defaultList
exit
ip ssh server
!
interface Gi1/0/1
dot1x port-control force-authorized
exit
!
interface Gi1/0/2
dot1x port-control force-authorized
exit
!
interface Gi1/0/3
dot1x port-control force-authorized
exit
!
interface Gi1/0/4
dot1x port-control force-authorized
exit
!
interface Gi1/0/5
spanning-tree portfast
switchport access vlan 140
dot1x port-control force-authorized
exit
interface Gi1/0/6
spanning-tree portfast
switchport access vlan 110
dot1x port-control force-authorized
exit
!
interface Gi1/0/7
spanning-tree portfast
switchport mode general
dot1x port-control mac-based
dot1x reauthentication
dot1x timeout guest-vlan-period 1
dot1x mac-auth-bypass
exit
Any help would be appreciated!