cancel
Showing results for 
Search instead for 
Did you mean: 

Acomplish Vlan assigment with Dlink switch

Highlighted
Occasional Contributor

Acomplish Vlan assigment with Dlink switch

IÇm authenticating clients using 802.1x and depending their roles assign them the correct vlan. I have made the configuration with the UAC and a Juniper switch, and everything worked fine. But now the my customer wants to implement the same configuration on a Dlink switch, I tried to replicate everything I did on the EX 2200 switch but when clients try to authenticate (using Junos Pulse). It remains in a connecting state.
When I see the logs and check the TCP dump, everything seems fine and when I check the active users in the UAC, the user appears to be logged in, but with no IP address.

 

Any idea or suggestion?

 

8 REPLIES 8
Highlighted
Regular Contributor

Re: Accomplish Vlan assignment with Dlink switch

What Radius Return Attribute policy are you using ?

Have you configured Open port or VLAN or Return attributes ?

Would it be possible for you to share the Radius logs from Troubleshooting --> Monitoring --> Radius

 

Thanks

Highlighted
Super Contributor

Re: Acomplish Vlan assigment with Dlink switch

Hi,

 

How is the IP address assignment is done once the VLAN is assigned  to the user?

 

Does it based on a DHCP server, if so do you  have DHCP forwarder configured ?

 

Is the Switch capable of assigning the IP on its own ? I feel the issue at switch side however its better to review the logs & speak

 

Regards,

Kannan

 

 

 

Highlighted
Regular Contributor

Re: Acomplish Vlan assigment with Dlink switch

Hello

 

You need to verify if the switch that you are using supports dynamic VLAN assignment.

Not all flavors of DLINK supports dynamic VLAN assignment.

 

Regards,

Raveen

 

Note: If this answers your question, you could mark this post as accepted solution, that way it helps others as well.

Kudos will be bonus if I earned it!

 

 

Highlighted
Occasional Contributor

Re: Accomplish Vlan assignment with Dlink switch

I've tried with both, Open Port and VLAN. But none of them lets me log in the user.

I've attached the logs.

Note: Even though I can't log in the user the Junos Pulse keeps on connecting state, and doesn't show any error. Also I've sniffed the internal port on the UAC using TCPdump and I can see radius packages between the UAC (10.10.1.150) and the Dlink switch (10.10.1.156) which means they are comunicating.

 

Highlighted
Regular Contributor

Re: Accomplish Vlan assignment with Dlink switch

Reviewing the IC logs, the authentication sequence is never getting completed. I could see that IC is sending a Radius Challenge to the D-Link/Client but no response is received thereafter. This is causing the issue.

A quick check on multiple instances of authentication in the logs, it seems all the authentication sequences are stuck at the same stage of Radius Challenge.

 

The issue needs more investigation from the switch side and client side to see why the authentication is not getting completed.

Can you upload a detailed Pulse log as well, I wanted to try and look for anything obvious in the Pulse log for this stuckness.

 

Thanks

Highlighted
Occasional Contributor

Re: Accomplish Vlan assignment with Dlink switch

IÇve attached the Junos Pulse logs.

Note: The only conguration I did in the switch was to enable dot1x and configure a trunk port so the switch can see all the Vlans in my network.

 

Thanks

 

Giulianna 

Highlighted
Regular Contributor

Re: Accomplish Vlan assignment with Dlink switch

The pulse logs does not seem to be @ detailed Level ? Can you ensure Pulse --> File --> Logs --> Log level detailed is checked and then collect the logs after replicating the failure.

 

Thanks

Highlighted
Occasional Contributor

Re: Accomplish Vlan assignment with Dlink switch

Ok, IÇve attached the detailed logs, also i checked the configuratioin of the UAC by authenticating the users with my juniper switch, and everything seems to be ok. But still ave the same problem with the Dlink switch.

I hope you can help me.