01-30-2023 05:16 AM - edited 02-16-2023 06:07 AM
Hi,
I have XIQ-SE at the latest version (22.9.13.5) and a Fabric Engine switch, also at the latest version (8.9).
I have a problem with the RADIUS attribute Extreme VOSS - Per-User-ACL and the auto-sense feature on the access ports.
My configuration follows.
The client is connected to port 1/24 of this switch, which is in auto-sense enable mode:
The switch has auto-sense parameters configured:
And RADIUS is configured:
EAPOL is enabled at the global level.
When the client is connected to this port, the host is correctly authenticated by RADIUS.
And the policy seems to be applied.
But I don’t see the VLAN correctly applied to the port, only the auto-sense data VLAN.
If I now try to log in with a user and dynamically assign VLAN ID 50 and I-SID 2000050, I see in the switch console:
So it seems that it is first correctly authenticated, but immediately un-authenticated and then MAC authenticated, and in my policy it must be assigned in this case VLAN ID 4 and I-SID 2000004, as shown in the NAC:
But in reality nothing happens on the port of the switch:
I’ve also tried to enable trace debug of EAPOL on this port and use a different logon user (Insegnante1) with VLAN ID 196 and I-SID 2000196 (the same as applied from auto-sense data), but the debug also doesn’t point me in the right direction to solve the problem; I only see authenticated and un-authenticated messages and the MAC authentication that follows for this client.
Instead, with Switch Engine and proper configurations, everything works well.
As another test, I've tried on VOSS to use flex-uni instead of the auto-sense configuration on the port, and in this case the 802.1X authentication works well; the problems are with the FILTER, which gives the following error when trying to change the dynamic-acl-name from the previous one:
So the ACL rules are present on the switch, but it shows me the previous ACL name "Unregistered" instead of the ACL name applied to the user, which is named "Insegnanti".
Why does this happen, and how can I solve it?