@ncuit wrote:
I've been watching my RADIUS server in debug mode to see what communication is going on. I've had a laptop plugged in for a while now and doing a
show auth-tracebuf mac d8:d3:85:0a:1a:0c
displays nothing as does
show auth-tracebuf | include d8:d3:85:0a:1a:0c
Even after unplugging the laptop and plugging it back in.
Doing a "show log all | include d8:d3:85:0a:1a:0c" gives me lots of lines with the following
Jul 12 14:16:11 authmgr[1623]: <522035> <INFO> |authmgr| MAC=d8:d3:85:0a:1a:0c Station UP: BSSID=01:80:c2:00:00:03 ESSID=n/a VLAN=13 AP-name=AP93HTest
But if I plug in a new device the above commands all show information.
I don't seem to have an "aaa user delete" command under configure terminal, is it located elsewhere?
Hold on, are you doing 802.1x or are you just doing mac authentication?
If you are just doing mac authentication, you cannot switch the VLAN of a wired client through mac authentication. That is because the client, as soon as the interface comes up, sends a DHCP request on the primary VLAN before the mac authentication fires and switches the VLAN. Even if the VLAN is switched internally, the client's link would have to go down, then up to request DHCP again, to switch VLANs.
This would only be possible with wired 802.1x.