So I have a NAC policy that identifies Credit Card Machines and assigns them to a specific VLAN (550) and this works great IF THE VLAN IS ALREADY created on the switch. If the VLAN does not exist I get the following:
1 2023-01-31T12:03:55.127-05:00 Warehouse_1Fl_Rm1101D_SW1 CP1 - 0x000e85f3 - 00000000 GlobalRouter EAP WARNING Cannot apply Radius VLAN:ISID attribute on non-Flex UNI port 1/15 for MAC 51:44:32:20:09:32.
1 2023-01-31T12:03:55.127-05:00 Warehouse_1Fl_SW1 CP1 - 0x000e85f7 - 00000000 GlobalRouter EAP INFO Ignore VLAN:I-SID binding on non-Flex UNI port 1/15.
1 2023-01-31T12:03:55.127-05:00 Warehouse_1Fl_SW1 CP1 - 0x000e858f - 00000000 GlobalRouter EAP WARNING VLAN 550 returned by RADIUS server for port 1/15 does not exist.
Radius Attributes to Send:
Tunnel-Private-Group-Id=%VLAN_ID%:%VLAN_TUNNEL_TAG%
Tunnel-Type=13:%VLAN_TUNNEL_TAG%
Tunnel-Medium-Type=6:%VLAN_TUNNEL_TAG%
Passport-Access-Priority=%MGMT_SERV_TYPE%
FA-VLAN-Create=1
FA-VLAN-ISID=0:%CUSTOM1%
%ORG1_RADIUS_ATTRS_LIST%
%CUSTOM1%
Any ideas as to why the switch wouldn't dynamically create this VLAN/I-SID combination?
As always, thanks!
Tim
