This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Dynamic VLAN Assignment with NPS and EXOS Not Working

Dynamic VLAN Assignment with NPS and EXOS Not Working

Go to solution
Ahmed_101
New Contributor III

‎02-24-2025 10:06 AM

Hello everyone,

I'm setting up a lab where a Windows Server (running NPS) is connected to an EXOS switch. My goal is to configure dynamic VLAN assignment via 802.1X.

I have successfully implemented 802.1X authentication using a username and password, and it works as expected. However, dynamic VLAN assignment is not working.

I've configured the following RADIUS attributes in the NPS network policy:

Tunnel-Medium-Type = 802 (Ethernet

Tunnel-Pvt-Group-ID = 10 (VLAN ID)

Tunnel-Type = VLAN

Additionally, I followed the vendor-specific attribute configuration outlined in https://extreme-networks.my.site.com/ExtrArticleDetail?an=000081809 , but it didn't work.

Any guidance or troubleshooting tips would be greatly appreciated!

Thanks in advance!

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Gabriel_G
Extreme Employee

‎02-28-2025 10:17 AM - edited ‎02-28-2025 10:35 AM

Hi Ahmed,

Check out this article:
https://extreme-networks.my.site.com/ExtrArticleDetail?an=000079334

The key points being:
A) You need to enable 'vlanauthorization' which will allow the Tunnel Attribute VLAN to be dynamically created as well as dynamically assigned.

B) You must also change the maptable response to 'tunnel' or 'both'. By default, the switch will try to follow the RADIUS attribute "filter-id" for use with policy profiles. Changing the maptable to 'tunnel' or 'both' will allow the switch to accept the Tunnel attributes as well.

Hope that helps!

View solution in original post

0 Kudos
3 REPLIES 3

Go to solution
Ahmed_101
New Contributor III

‎02-28-2025 10:28 AM

Thank you

Go to solution
Gabriel_G
Extreme Employee

‎02-28-2025 10:17 AM - edited ‎02-28-2025 10:35 AM

Hi Ahmed,

Check out this article:
https://extreme-networks.my.site.com/ExtrArticleDetail?an=000079334

The key points being:
A) You need to enable 'vlanauthorization' which will allow the Tunnel Attribute VLAN to be dynamically created as well as dynamically assigned.

B) You must also change the maptable response to 'tunnel' or 'both'. By default, the switch will try to follow the RADIUS attribute "filter-id" for use with policy profiles. Changing the maptable to 'tunnel' or 'both' will allow the switch to accept the Tunnel attributes as well.

Hope that helps!

0 Kudos

Go to solution
marconet_22
New Contributor III
In response to Gabriel_G

8 hours ago - last edited 8 hours ago

Hi 

I have similar issue. 

VLAN is created to the switch 

vlan is assigned to port as untagged

But it can't get ipaddress from DHCP.

Strange log is: 

11/25/2025 14:04:41.93 <Info:nl.ClientAuthenticated> Network Login 802.1x user sale01 logged in MAC 5C:60:BA:61:63:D7 port 1 VLAN(s) "SYS_VLAN_0022" policy "Not Applicable", authentication Radius

Output of netlogin session:

Multiple authentication session entries
---------------------------------------

Port : 1 Station address : 5c:60:ba:61:63:d7
Auth status : success Last attempt : Tue Nov 25 14:04:41 2025
Agent type : dot1x Session applied : true
Server type : radius VLAN-Tunnel-Attr : None
Policy index : 0 Policy name : Policy Disabled
Session timeout : 0 Session duration : 0:14:54
Idle timeout : 1800 Idle time : 0:00:00
Auth-Override : disabled Termination time : Not Terminated

0 Kudos
GTM-P2G8KFN