Port Locked on authvlan

  • 0
  • 1
  • Question
  • Updated 5 years ago
  • Answered
Create Date: Mar 25 2013 1:17PM

Hello,

i had a big trouble in my network.
i have a stack with 8 summitstack 450e with netlogin configuration shown as below:

#
# Module netLogin configuration.
#
configure netlogin vlan authvlan
enable netlogin dot1x mac
enable netlogin ports 1:5-14, 1:16-30, 1:32-36, 1:38-43, 1:45-46, 1:48, 2:1-2, 2:4-22, 2:24, 2:26-35, 2:37-48, 3:1-2, 3:4-19, 3:21-48, 4:1-39, 4:41-48, 5:1-20, 5:22-46, 5:48, 6:1-28, 6:30-33, 6:35-36, 6:38-47, 7:2-31, 7:33-36, 7:38-44, 7:46-47, 8:1-8, 8:10-46 dot1x

Configurantion of all ports are with:
configure netlogin ports 1:5 mode port-based-vlans
configure netlogin ports 1:5 no-restart

My AAA conf:

#
# Module aaa configuration.
#
configure radius netlogin primary server ***.***.***.*** 1812 client-ip ***.***.***.*** vr VR-Default
configure radius netlogin primary shared-secret encrypted ************************
enable radius netlogin

all ports belong to one untagged vlan, different from standard vlan default.
The authentication works well, but sometimes i need to connect some equipment who not support dot1x authentication, i connect the equipment before remove the authentication on the port and everytime when i remove the port from the current vlan, this port go to authvlan and i can not put in another, everytime i try to assign other vlan, display the mesage shown below:

Error: Protocol conflict when adding untagged port 5:21. Port 5:21 is already
untagged in vlan "authvlan".
Either add this port as tagged or assign another protocol to this VLAN.

Configuration failed on backup MSM, command execution aborted!

Then i remember that port has authentication configured and i remove the netlogin configuration from current port, but the problem persist!
Even the netlogin configuration disabled on the port, i cannot assign other untagged vlan.

Someone can help me with this problem?

I tried restart port, disable and re-enable, restart the netlogin process, but nothing works.

Sorry my bad english!
(from Augusto_Queiroz)
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb

Posted 5 years ago

  • 0
  • 1
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb
Create Date: Mar 25 2013 2:16PM

acqcaugusto, don't you need to disable netlogin from that port first?

(from ethernet)
Photo of EtherNation User

EtherNation User, Employee

  • 20,340 Points 20k badge 2x thumb
Create Date: Mar 25 2013 2:30PM

Yes, but sometimes i forgot to disable netlogin  first and the port stay on authvlan :/
I need to know some way to assign another untagged vlan when this occur.
Another way that not be restart all stack or current node or disable netlogin globally because there are 300 users connected that will lost connection.

(from Augusto_Queiroz)

This conversation is no longer open for comments or replies.