I have an Aruba 2930F switch where I can successfully authenticate users, printers, and other devices.
I want to enable 802.1X on a switchport connected to my Meraki access point. Authentication for the access point itself works correctly. Additionally, I can authenticate wireless users connected to the Meraki access points via PacketFence, and users receive the correct VLAN ID from PacketFence.
However, the problem begins here:
The wireless user authenticated via PacketFence should belong to VLAN 10.
The switchport where the access point is connected is also authenticated and correctly placed in VLAN 60.
Unfortunately, no other VLAN tagging is allowed on this port (I don't know how to permit VLAN tagging), so the wireless client does not receive an IP address in VLAN 10.
Is there a way to configure PacketFence to allow other VLAN tagging on the switchport connected to the access point?
Or am I misunderstanding this setup? Should the switch be configured to allow other VLAN tags once the access point authentication is successful?
By the way, everything works if I deactivate dot1x on the switchport connected to the Meraki access point, which means the users land in the correct VLAN ID 10 with tags and get an IP address.
However, I would like to also secure the port with dot1x.
Hello,
We are facing the following situation:
Here is the port config:
```
interface 2/7
   tagged vlan 10
   untagged vlan 1
   no snmp-server enable traps link-change
   aaa port-access authenticator
   aaa port-access authenticator reauth-period 28800
   aaa port-access authenticator client-limit 32
   aaa port-access mac-based
   aaa port-access mac-based addr-limit 32
   aaa port-access mac-based addr-moves
   aaa port-access mac-based reauth-period 3600
   aaa port-access mac-based unauth-vid 1
   aaa port-access controlled-direction in
   spanning-tree admin-edge-port
   spanning-tree bpdu-protection
   exit
```
Thank you for your assistance.
Best regards,
Farbod