Campus Switching and Routing

Reply
Occasional Contributor I

DHCP issue with VLAN assigment

Hi ,

we are trying to assign dynamic vlan  by clearpass profile to clients that connected to hp 2960. and the hp 2960 connected to hp Core 7500.
users sometimes not getting ip address and there is an error on network connection "Unauthenticated". but if I remove the 802.1x config under the switch port then it's work fine.

I'm sharing the switch config and clear pass config

=============DHCP Config===========================

dhcp server ip-pool quarantine extended
network ip range 192.168.180.10 192.168.180.255
network mask 255.255.255.0
forbidden-ip 192.168.180.1 192.168.180.10
gateway-list 192.168.180.1
dns-list 172.16.16.2
expired day 0 hour 2

 

interface Vlan-interface79
ip address 192.168.180.1 255.255.255.0
dhcp server apply ip-pool quarantine


==============access Port===============================

aaa port-access authenticator 2/12 quiet-period 30
aaa port-access authenticator 2/12 logoff-period 862400
aaa port-access authenticator 2/12 client-limit 1
aaa port-access authenticator 2/12 quiet-period 30
aaa port-access authenticator 2/12 logoff-period 862400
aaa port-access authenticator 2/12 client-limit 3
aaa port-access mac-based 2/12
aaa port-access mac-based 2/12 addr-limit 3
aaa port-access mac-based 2/12 logoff-period 86400
aaa port-access mac-based 2/12 quiet-period 30
aaa port-access mac-based 2/12 server-timeout 10
aaa port-access mac-based 2/12 reauth-period 14400
aaa port-access mac-based 2/12 unauth-vid 5
aaa port-access 2/12 controlled-direction in

 

radius-server host 172.16.16.171 key "*****"
radius-server host 172.16.16.171 dyn-authorization
radius-server host 172.16.16.171 time-window 0
radius-server host 172.16.16.170 key "*****"
radius-server host 172.16.16.170 dyn-authorization
radius-server host 172.16.16.170 time-window 0
radius-server host 172.16.16.172 key "*****"
radius-server host 172.16.16.172 dyn-authorization
radius-server host 172.16.16.172 time-window 0

 

aaa accounting update periodic 3
aaa accounting network start-stop radius server-group "CPPM"
aaa authentication port-access eap-radius server-group "CPPM"
aaa authentication mac-based chap-radius server-group "CPPM"


aaa port-access authenticator active

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: