I have configured a switch with MAC auth from a RADIUS server, with both an authorised and unauthorised VLAN.
Unauthenticated clients work fine - the request hits RADIUS, is denied, and they end up in the unauth VID. Authorised clients don't work, and I cannot understand what is happening.
The log displays the following:
W 01/02/90 04:13:19 02403 dca: macAuth client tagged VLANs arbitration error,
MAC 38EAA7880001 port 1.
The relevant config for the port is as follows:
aaa port-access mac-based 1-22
aaa port-access mac-based 1 auth-vid 100
aaa port-access mac-based 1 unauth-vid 200
vlan 100
name "VOICE VLAN"
untagged 24
tagged 1-23
ip address 172.2.1.2 255.255.255.0
exit
vlan 200
name "DATA VLAN"
untagged 1-23,25-28
ip address 192.168.1.220 255.255.255.0
exit
I've looked through the documentation but cannot see an explanation for this error message. Clearly the issue is to do with tagged VLAN assignment but cannot get what needs to change to make this work.
The desired behaviour is that clients not auth'd end up in VLAN 200 but auth'd clients end up in VLAN 100.
Thanks in advance!