我试图在多台Dell PowerConnect 3524交换机上使用dynamicVLAN分配。
我有两个RADIUS服务器,我已经certificate这两个服务器在Linux上使用radtest。
其中一个服务器(优先级0)位于networkingpipe理VLAN(运行在Windows上的TekRADIUS)上,第二个(优先级1)位于另一个VLAN(Linux上的FreeRADIUS)上。
但我似乎无法说服交换机实际上对任何一台RADIUS服务器执行身份validation。
交换机和RADIUS服务器之间的networking通信已经通过交换机CLI的ping进行了validation。
我的交换机configuration如下,任何人都可以发现我错过了什么?
interface range ethernet all spanning-tree portfast exit interface range ethernet e(1-24) dot1x multiple-hosts authentication exit interface ethernet g1 switchport mode trunk exit vlan database vlan 2-5,9-11 exit interface ethernet g1 switchport trunk allowed vlan add 2 exit interface ethernet g1 switchport trunk allowed vlan add 3 exit interface ethernet g1 switchport trunk allowed vlan add 4 exit interface ethernet g1 switchport trunk allowed vlan add 5 exit interface ethernet g1 switchport trunk allowed vlan add 9 exit interface ethernet g1 switchport trunk allowed vlan add 10 exit interface ethernet g1 switchport trunk allowed vlan add 11 exit interface vlan 2 name netman exit interface vlan 3 name lt-sys exit interface vlan 4 name pub-sys exit interface vlan 5 name lt-clients exit interface vlan 9 name lt-voip exit interface vlan 10 name lt-print exit interface vlan 11 name lt-wifi exit dot1x system-auth-control interface range ethernet e(1-24) dot1x radius-attributes vlan exit interface range ethernet e(1-24) dot1x port-control auto exit interface vlan 2 ip address 10.58.2.7 255.255.255.0 exit hostname sw-3-1 radius-server host 10.58.2.128 key switch usage dot1.x radius-server host 10.58.3.132 key switch priority 1 usage dot1.x aaa authentication dot1x default radius username bryan password password-hash-was-here level 15 encrypted ip domain-name liketechnologies.local ip name-server 10.58.3.32 10.58.3.33 我已经设法解决这个现在(或主要)。 由于RADIUSauthentication,端口被正确分配给VLAN,但是由于某些原因,设备从我们的DHCP服务器获得IP地址后,没有其他的stream量被转发。
我可能刚刚得到了我的VLAN路由错误,或者我没有正确地在中继端口上传递VLANstream量。
对于任何人通过谷歌我的(主要)工作configuration如下:
interface range ethernet all spanning-tree portfast exit interface range ethernet e(1-24) dot1x multiple-hosts authentication exit interface range ethernet g(1-4) switchport mode trunk exit vlan database vlan 2-6,9-11 exit interface range ethernet g(1-4) switchport trunk allowed vlan add 2 exit interface range ethernet g(1-4) switchport trunk allowed vlan add 3 exit interface range ethernet g(1-4) switchport trunk allowed vlan add 4 exit interface range ethernet g(1-4) switchport trunk allowed vlan add 5 exit interface range ethernet g(1-4) switchport trunk allowed vlan add 6 exit interface range ethernet g(1-4) switchport trunk allowed vlan add 9 exit interface range ethernet g(1-4) switchport trunk allowed vlan add 10 exit interface range ethernet g(1-4) switchport trunk allowed vlan add 11 exit interface vlan 2 name netman exit interface vlan 3 name lt-sys exit interface vlan 4 name pub-sys exit interface vlan 5 name lt-clients exit interface vlan 6 name guest exit interface vlan 9 name lt-voip exit interface vlan 10 name lt-print exit interface vlan 11 name lt-wifi exit interface vlan 6 dot1x guest-vlan exit dot1x system-auth-control interface range ethernet e(1-24) dot1x re-authentication exit interface range ethernet e(1-24) dot1x max-req 3 exit interface range ethernet e(1-24) dot1x mac-authentication mac-and-802.1x exit interface range ethernet e(1-24) dot1x radius-attributes vlan exit interface range ethernet e(1-24) dot1x port-control auto exit interface range ethernet e(1-24) dot1x guest-vlan enable exit interface vlan 2 ip address 10.58.2.99 255.255.255.0 exit hostname sw-1-2 radius-server host 10.58.2.128 key switch priority 2 radius-server host 10.58.3.132 key switch priority 1 aaa authentication dot1x default radius username bryan password password-hash-was-here level 15 encrypted clock source sntp sntp server 10.58.3.128 poll ip domain-name liketechnologies.local ip name-server 10.58.3.32 10.58.3.33