VLAN-Tunnel-Attr change on reauthentication has no effect

  • 0
  • 1
  • Problem
  • Updated 4 years ago
  • In Progress
  • (Edited)
Say the VLAN-Tunnel-Attr as previously returned by Radius is X.
We change the Radius config to return Y.
After reauthentication (via "set macauth macreauthenticate MACADDRESS") we correctly see  the new VLAN-Tunnel-Attr Y using "show vlanauth session" etc.
However the device apparently still is in the old VLAN X. (still pings)
When I disable/enable the port, the VLAN is set alright according to the current Radius setting to Y. (device no longer pings (which is normal since here Y is an isolated VLAN)
Is this normal that I have to port down/up, and that reauth has no effect here?

(C3 6.61.13)

UPDATE Seems to behave that way only when either VLAN X or Y is set as the static PVID for that port too. Why do I do that? Well, I don't want to completely rely on Radius. I want to have all connections working even if Radius is not there, except for MACs that I specifically like to "blackhole" which I would do by a Radius-Accept with a "blackhole" VLAN. (In essence the static PVID is the default/fallback VLAN in case all else fails.)
Photo of jeronimo


  • 1,428 Points 1k badge 2x thumb

Posted 4 years ago

  • 0
  • 1

Be the first to post a reply!