Extend the L2 VLAN multi-site WAN

Hello

I have several sites connected over a provider's MPLS network. Everything works as expected, and I have full L3 connectivity between all these sites.

I now need to establish layer 2 connectivity (VLAN) across the 21 sites. Ideally, I would attach additional routers behind the CE routers (we have no access to the provider's CEs or PEs, but the provider may reconfigure BGP on the CE to peer with our device) and use a port on these routers as a Layer 2 LAN port, but I do not know which technology to use.

  1. L2TPv3 comes to mind, but can L2TPv3 work in a multipoint configuration? Can I have one site as a hub and the others as spokes that talk through the hub? With a traditional L2TPv3 config, how do I use multiple xconnects for the same VLAN on the same interface?
  2. Worst case, I can run MPLS on top (making our new routers VPLS PEs as well) and use VPLS, but that seems like overkill.

What would you guys say is the simplest, most elegant solution for this puzzle?

L2TPv3 does not support multipoint.  It can do point-to-point.

VPLS does support multipoint, but you need much more expensive kit to do it.

I just had a brainwave!  Do you only use the IP protocol on this layer 2 network?  If so, use LISP.  It works on the same lower-end Cisco kit.  I would like to convert your entire network to it.

In particular, you must enable LISP mobility.

General information on LISP:

http://Lisp.Cisco.com/

An example of a complex layer 2 extension using LISP with full redundancy.  You don't want something this complex, but it shows what you want to do, and the massive power that LISP has.

http://www.Cisco.com/c/en/us/TD/docs/solutions/Enterprise/Data_Center/DCI/5-0/LISPmobility/DCI_LISP_Host_Mobility/LISPmobile_4.html

Tags: Cisco Network

Similar Questions

  • What is a profile realm in a multi-site setup

    Hi all

    What is meant by a realm in ATG? What is the role of the realm in a multi-site profile? I went through the ATG docs, but I was not able to understand the exact meaning.

    A profile can be associated with a site using a profile realm. What does that mean?

    Thank you

    TT

    Oracle ATG Web Commerce - profile realms: it looks like profile realms allow you to have a single account for multiple sites, or to have an account for one group of sites but not another.

    For example, if you have 3 sites (an electronics site, a clothing site and a kitchenware site), you can create a profile realm named Home Goods Realm that contains the electronics site and the kitchenware site, and a profile realm called Clothing Realm containing the clothing site. If a user creates an account on the electronics site, the account will allow them to log in on the kitchenware site, but not on the clothing site, because the kitchenware site is in the same realm and the clothing site is not. To log in on the clothing site, you need to create an account on a site in that realm.

    Thank you

    Joe

  • Exchange provisioning fails because of latency between multi-site domain controllers

    Hi all

    I am using OIM 11g R2 PS2 BP04 with the AD connector (version 11.1.1.6.0 & AD 2010) and the Exchange connector (version 11.1.1.6.0 & Exchange 2010), installed on RHEL 6.5. We have 20:00 domain controllers and each of them is in a different site. Here is the list of domain controllers:

    DC-host1,DC-HOST2,DC-site2-host1,DC-SITE3-host1,DC-SITE4-host1...etc

    We use access policies to auto-provision the AD and Exchange user resources, and have configured the domain controllers in the AD IT resource as:

    DC-HOST1 - primary

    DC-HOST2 - secondary

    AD resource provisioning works fine; however, when OIM tries to provision Exchange for the user, it fails due to the latency between the AD domain controllers at different sites. For example, "PRODTESTUSER12" is provisioned successfully in AD, and when OIM tries to provision Exchange for this user, the Exchange server searches for any available domain controller to look up the user. It randomly selects an AD domain controller, say DC-SITE2-HOST1, to search for the user. Since this domain controller is at another site and there is latency, it is not able to find the user on this domain controller, which is why Exchange provisioning fails for this user. See the error below:

    Target class = oracle.iam.connectors.icfcommon.prov.ICProvisioningManager

    < 21 may 2015 23:10:06 CEST > < error > < ORACLE. IAM. CONNECTORS. ICFCOMMON. Prov. ICPROVISIONINGMANAGER > < BEA-000000 > < oracle.iam.connectors.icfcommon.prov.ICProvisioningManager: createObject: error while creating user

    java.lang.RuntimeException: the operation could not be performed because the object 'PRODTESTUSER12' could not be found on 'anc-dc2k8 - 01.wssc.ad.root'.

    We have not specified this domain controller under either the AD or the Exchange IT resource.

    In the connector logs, I can see the following:

    22/05/2015-10:55:19 < INFORMATION >: class-> Org.IdentityConnectors.Exchange.RemoteRunspaceInstance-> InvokeScript method, Message-> enter the method


    22/05/2015-10:55:19 < VERBOSE >: class-> Org.IdentityConnectors.Exchange.RemoteRunspaceInstance,-> InvokeScript method, Message-> Script: Set-ADServerSettings - ViewEntireForest: $true; Get-User "PRODTESTUSER21" - ReadFromDomainController

    I think that, because of this script, the Exchange server picks the first available domain controller to search for the user. If so, is there a way to restrict this or to set a preferred domain controller?

    There is a hotfix available for this problem. Here are the details:

    Patch 19692488: MERGE REQUEST ON TOP OF 11.1.1.6.0 FOR BUGS 18310438 19478076

    Bugs resolved by this fix

    UPDATED EXCHANGE CONNECTOR SMTP PRIMARY ADDRESS 16813315 PROBLEM

    17949931 DELAY IN EXCHANGE / COMMISSIONING

    19478076 WITH REGARD TO THE EXCHANGE OF SUPPLY FAILURES.

    Regards

    Suren

  • How does the multi-site option work

    I realize that Muse is not truly "adaptive" and you need to create a version for each platform, so how does this work?

    Let's say I created a desktop, tablet, and mobile version of my site. How do I publish the project so that all three versions are active, and how does it treat people visiting the site on these platforms? Will typing www.acme.com on a mobile phone, for example, take me to the correct version, or is there a redirect or code injection that has to be done to take the visitor to the correct site, or are the three versions actually three completely separate sites?

    Hi Christian,

    Versions for desktop, phone and tablet for a single site will be in the same Muse file. So, when the site is accessed on any device, the device will be automatically identified and the appropriate version will be displayed.

    Attached is a screenshot of Plan view showing how to add the phone and tablet versions to the site.

    Kind regards

    Neha

  • The multi-site bookmark

    Is it possible to create a multi-site bookmark? For example, one click opens 8 sites/tabs. If so, how is this set up?

    To avoid confusion: http://kb.mozillazine.org/JavaScript_is_not_Java

    {Ctrl + click} works like the Middle-click.

  • Satellite Pro S300 - cannot extend the desktop to an external monitor

    Hello
    I have a Satellite Pro S300 and it won't extend the desktop to an external monitor / projector, but it will clone the desktop.

    So far I have tried:
    2 monitors and 1 projector; all do the same thing, they will clone but not extend.
    Reinstalling the latest display drivers from the Toshiba site.
    Reinstalling the latest drivers of change from the Toshiba site.

    But nothing worked. I even checked my colleagues' S300s to make sure that I use the same settings, and theirs (2 other S300s) extend and clone the desktop.

    Has anyone seen this before, and how did you solve the problem?

    Paul

    Did you remove the old driver before you installed the new driver? If not, try to reinstall the driver again. To do so, remove the old driver, restart the computer, use CCleaner to clean the registry, and install the new version that you can find on the Toshiba site.

    Also, I would try updating the BIOS. You can find it on the Toshiba site too.

    I hope it works for you.

  • WHEN YOU USE THE CONSTRUCTOR OF MY SITE, I CAN'T COPY AND PASTE WROTE THE BROWSER SECURITY SETTINGS HOW TO NOT CHANGE THESE FOR ME TO COPY / PASTE?

    WHEN YOU USE THE CONSTRUCTOR OF MY SITE, I CAN'T COPY AND PASTE WROTE THE BROWSER SECURITY SETTINGS HOW TO NOT CHANGE THESE FOR ME TO COPY / PASTE?

    https://support.Mozilla.com/en-us/KB/granting+JavaScript+access+to+the+Clipboard

    This extension will help you implement the security policies for access to the Clipboard.

    Allow the extended Clipboard support:

    https://addons.Mozilla.org/en-us/Firefox/addon/852

  • How to extend the range of my Airport Extreme Base Station (802.11ac) using an Airport Express (802.11n) as a relay.  Airport Utility (V635.2) says that this version does not support the relay.  Why is that?

    How can I extend the range of my Airport Extreme (802.11ac) using an Airport Express (802.11n) as a relay point?  AirPort Utility (V635.2) does not show the Express on its screen.  Do I have to buy equipment?  I'm on a Mac Pro with OS X 10.10.5.  Thank you.

    The AirPort Utility that ships with OS X 10.10.5 supports both 802.11ac and 802.11n AirPort base stations. It should be able to configure both of your base stations for either an extended (wirelessly connected base stations) or a roaming (Ethernet-connected base stations) type of wireless network.

    When you initially configure the network, it helps to keep the two base stations in the same room. Once configured, you can move the extending base station to the desired location. The key point is that the extending base station must end up within range of the base station it extends, so that it keeps sufficient bandwidth for the network clients connected to the remote station. Please check the following AirPort user tip for more details.

  • How can I extend the warranty of my phone online?

    Hello

    I would like to know how to extend the warranty on my phone online? My PC model: Compaq 620 Energy Star, product no.-XP866PA, country-India. Unable to get all the details on the site. My 1 year warranty expires the 10th of this month & I want to get a 2-year extended warranty plan.

    Help, please!

    Hello

    Click on the link below:

    Total Care for your HP laptop

  • Where can I find the clock digital multi AGS for the vista sidebar?

    I recently had to wipe my computer and do a fresh Vista reload.  Now I'm trying to find the clock digital multi AGS (by far the most useful gadget for the Windows Vista sidebar, in my humble OPINION).  Where can I find the clock digital multi AGS for the Vista sidebar, since Microsoft took down the gadget site?

    Thank you

    Hello
     
    As the gadget site is down you can't find the clock digital multi AGS for the vista sidebar.

    You can check the link for help:

     
  • LRT214 VLAN and site to site vpn

    Hello everyone, I am a bit new to this aspect of networking and was looking for some advice.  I am looking at several LRT214 routers to set up site-to-site VPNs to our main office from 4 locations.  There are 2 VLANs and subnets - one for the secure network (native VLAN 1) and one for guest wireless (VLAN 2).  This is very good and works well for segregating the LAN locally.

    Since IPsec tunnels do not pass VLAN tags, my question is: will I be able to restrict traffic through the VPN tunnel to VLAN 1 and deny traffic to VLAN 2?

    It appears from the documentation that VPN traffic can be limited by IP address or by local subnet.  My concern is that, if there is no way to bind or bridge the tunnel to the selected VLAN, a device on VLAN 2 with a manually set static IP address in the permitted range (the VLAN 1 range) would count as permitted traffic and could therefore cross the tunnel to VLAN 1 devices at remote sites.

    Thanks for any input you can offer.

    Hi, seedtech. The VLAN used for the VPN is the default VLAN. So if a tunnel is created, it will cross through the default VLAN.

    Jay-15354

    Linksys technical support

  • Having trouble getting the voice VLAN on the switch X1052P to work at all

    Can someone help me understand how to set up the voice VLAN on the X1052P? I spent several hours trying to get this working and it does not work. I spent about 4 hours on the phone with a Dell technician that night and he couldn't get it to work and finally gave up. He told me that I had to upgrade my warranty to ProSupport because he did not know how to solve the problem. What group of *. It's a simple VLAN configuration. What is there to be so picky about? In any case...

    Setting up the VLAN should be fairly simple, but apparently on this switch it is not. Page 406 of the user guide is not very useful, except for explaining what the different options are. I must admit I am not a VLAN expert, so I don't know whether I've misconfigured something. But remember, the Dell tech could not get it to work either.

    Here's my situation... I have VoIP phones on my network connected to a network wall jack. My users' computers are connected to the phones. The user's computer and its respective VoIP phone both share the same data cable. Before I replaced the ISP-managed Cisco switch, it all worked well. The problem is that they had direct access to our network, so I removed the switch and installed the X1052P in its place. I talked to the ISP to let them know what I'm doing, and they said all I had to do was set up VLAN ID 15 for the voice VLAN, because this is the VLAN ID that the router uses to route telephone traffic. The ISP router is also the DHCP server for VLAN 15 and issues IPs for the phones using 172.27.0.0/24 with a DHCP range of 172.27.0.50 - 150.

    I tried to configure the switch using parameters of VLAN static and settings VLAN voice and neither one also seems to do what I want it to do.

    Network administration > VLAN > VLAN static

    Network administration > VLAN > Voice VLAN

    I activated the 'phone' profile on the ports I want added to the voice VLAN and it does not work. Also, switch port 47 is connected directly to the ISP router and is configured as a trunk with the default VLAN 1 untagged and VLAN 15 tagged. For the other ports I tried the General, Access and Trunk settings on each port to see if I could get something going, and still nothing happens. When I set up the ports as General ports, I added VLAN 1 as untagged and VLAN 15 as tagged. It still does not work.

    This is the short story from where I am now. Any help is greatly appreciated.

    FYI, as a follow up I finally solved the problem. I hope this information helps someone else that can encounter the same problem.

    After buying the ProSupport warranty upgrade ($121 out of pocket, mind you) and speaking with a total of 4 ProSupport technicians plus a 3rd-tier expert technician (only available via chat between one of the ProSupport phone technicians and the 3rd-tier expert, i.e. I couldn't talk or chat with this person myself), the consensus was that the hardware must be bad. When I bought the X1052P I bought two of them, so the best way to know whether it was a bad switch was simply to configure the other switch and see if the behavior occurred on that one, too. Well, that switch also restarted each time I assigned the 'phone' profile to more than 13 or 14 ports on the switch. It seems that it was not a hardware problem after all.

    I went back to the original switch and tried new things, hoping that I would stumble on a solution, and it turns out that the solution was NOT to use the voice VLAN feature on the switch. It does not work!

    SOLUTION: I set VLAN ID 15 manually and did not assign the phone profile to any of the ports. This is how I solved the problem.

    So the switch has bad software. I tried to see if there are firmware updates on the Dell support site, but there are none. Configuring the phone VLAN manually was the solution. What a freaking nightmare this turned out to be. Maybe someone at Dell could note this problem and test it in-house. And, if you want to compensate me for the 20+ hours I spent working on this problem, that would be great, too.

  • Impossible to extend the desktop to a secondary monitor

    Hello

    So I recently bought a new monitor; I had already been using my TV.
    But now I want to be able to extend the display from my desk so that, while watching TV on the internet, I can just drag the window to my TV and sit on the couch instead of having to sit in front of my screen.
    I go to the screen resolution settings, and they detect that both displays are connected. The monitor (1920 x 1080) is connected to the TV (1280 x 720) with HDMI DVI.
    Both are connected through the GPU.
    But when I click on extend the desktop and then try to save, an error message appears telling me that it is impossible to save these changes.
    I don't know what the problem is; the two screens are connected and both work, but I cannot extend the display.
    My GPU is a Gigabyte 6950, and it is updated to the latest drivers.
    If anyone can help me solve this problem I would be very grateful.
    Thank you

    Hello

    The error message "Cannot save the display settings" essentially appears when you try to extend or duplicate the desktop to external monitors.  I suspect that the problem occurs because the computer remembers both configurations for your extended monitor and TV.  To extend your monitor, you must delete the multiple configurations from your computer, then extend your display by changing your display settings. To do this, proceed as follows:

    The manual troubleshooting steps show you how to modify the registry. However, serious problems can occur if you modify the registry incorrectly. Therefore, make sure that you proceed with caution. For added protection, back up the registry before you edit it. Then you can restore the registry if a problem occurs.

    For more information about how to back up and restore the registry, click on the number below to view the article in the Microsoft Knowledge Base:

    http://support.Microsoft.com/kb/322756/

    Remove the registry key.

    a. Press Win + R to open the Run dialog box.

    b. In the Run box, type regedit and then click OK.

    c. Locate the following registry subkey:

       HKEY_CURRENT_USER\Software\Microsoft\MobilePC\TMM

    d. Right-click the subkey, and then click Delete.

    e. When you are prompted to confirm the delete operation, click Yes.

    f. On the File menu, click Exit to quit Registry Editor.

    Log off the computer. Then, log on to the computer again.

    Extend your display by changing the display settings.
    a. Open Screen Resolution by clicking the Start button, clicking Control Panel, and then, under Appearance and Personalization, clicking Adjust screen resolution.
    b. Click the drop-down list next to Multiple displays, click Extend these displays, and then click OK.

    For more information, see these articles.
    Move windows between multiple monitors
    http://Windows.Microsoft.com/en-us/Windows7/move-Windows-between-multiple-monitors

    Work and play better with multiple monitors
    http://Windows.Microsoft.com/en-us/Windows7/work-and-play-better-with-multiple-monitors

  • Cannot ping hosts on the same VLAN across 2 switches.

    Hey guys, so I am creating my own network in Packet Tracer 6.3. While the hosts can ping others on the same 2960 switch and VLAN, they are unable to ping a host on another switch in the same VLAN. For example, Josh PC on S1 (192.168.10.10) cannot ping Doge PC on S2 (192.168.10.13). I'm sure that they are on the same subnet, so I think it is a trunk problem...

    S1:

    S1#show ip int br
    Interface              IP-Address      OK? Method Status                Protocol
    FastEthernet0/1        unassigned      YES manual up                    up
    FastEthernet0/2        unassigned      YES manual up                    up
    FastEthernet0/3        unassigned      YES manual up                    up
    FastEthernet0/4        unassigned      YES manual up                    up
    FastEthernet0/5        unassigned      YES manual administratively down down
    FastEthernet0/6        unassigned      YES manual administratively down down
    FastEthernet0/7        unassigned      YES manual administratively down down
    FastEthernet0/8        unassigned      YES manual administratively down down
    FastEthernet0/9        unassigned      YES manual administratively down down
    FastEthernet0/10       unassigned      YES manual administratively down down
    FastEthernet0/11       unassigned      YES manual administratively down down
    FastEthernet0/12       unassigned      YES manual administratively down down
    FastEthernet0/13       unassigned      YES manual administratively down down
    FastEthernet0/14       unassigned      YES manual administratively down down
    FastEthernet0/15       unassigned      YES manual administratively down down
    FastEthernet0/16       unassigned      YES manual administratively down down
    FastEthernet0/17       unassigned      YES manual administratively down down
    FastEthernet0/18       unassigned      YES manual administratively down down
    FastEthernet0/19       unassigned      YES manual administratively down down
    FastEthernet0/20       unassigned      YES manual administratively down down
    FastEthernet0/21       unassigned      YES manual administratively down down
    FastEthernet0/22       unassigned      YES manual administratively down down
    FastEthernet0/23       unassigned      YES manual administratively down down
    FastEthernet0/24       unassigned      YES manual administratively down down
    GigabitEthernet0/1     unassigned      YES manual down                  down
    GigabitEthernet0/2     unassigned      YES manual down                  down
    Vlan1                  unassigned      YES manual administratively down down
    Vlan2                  unassigned      YES manual down                  up
    Vlan10                 unassigned      YES manual up                    up

    S1#show interface f0/1 switchport
    Name: Fa0/1
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: Off
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 2 (native)
    Voice VLAN: none
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk private VLANs: none
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    Protected: false
    Appliance trust: none

    S1#show vlan br
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                    Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                    Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                    Gig0/1, Gig0/2
    2    native                           active
    5                                     active
    10   VLAN0010                         active    Fa0/2, Fa0/3, Fa0/4
    1002 fddi-default                     active
    1003 token-ring-default               active
    1004 fddinet-default                  active
    1005 trnet-default                    active

    S1#show interface trunk
    Port        Mode         Encapsulation  Status        Native vlan
    Fa0/1       on           802.1q         trunking      2

    Port        Vlans allowed on trunk
    Fa0/1       5,10,20

    Port        Vlans allowed and active in management domain
    Fa0/1       5,10

    Port        Vlans in spanning tree forwarding state and not pruned
    Fa0/1       5,10

    S1#show mac-address-table
              Mac Address Table
    -------------------------------------------
    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
       5    00d0.d37a.ed01    DYNAMIC     Fa0/1

    S2:

    S2#show ip int br
    Interface              IP-Address      OK? Method Status                Protocol
    FastEthernet0/1        unassigned      YES manual up                    up
    FastEthernet0/2        unassigned      YES manual up                    up
    FastEthernet0/3        unassigned      YES manual up                    up
    FastEthernet0/4        unassigned      YES manual up                    up
    FastEthernet0/5        unassigned      YES manual administratively down down
    FastEthernet0/6        unassigned      YES manual administratively down down
    FastEthernet0/7        unassigned      YES manual administratively down down
    FastEthernet0/8        unassigned      YES manual administratively down down
    FastEthernet0/9        unassigned      YES manual administratively down down
    FastEthernet0/10       unassigned      YES manual administratively down down
    FastEthernet0/11       unassigned      YES manual administratively down down
    FastEthernet0/12       unassigned      YES manual administratively down down
    FastEthernet0/13       unassigned      YES manual administratively down down
    FastEthernet0/14       unassigned      YES manual administratively down down
    FastEthernet0/15       unassigned      YES manual administratively down down
    FastEthernet0/16       unassigned      YES manual administratively down down
    FastEthernet0/17       unassigned      YES manual administratively down down
    FastEthernet0/18       unassigned      YES manual administratively down down
    FastEthernet0/19       unassigned      YES manual administratively down down
    FastEthernet0/20       unassigned      YES manual administratively down down
    FastEthernet0/21       unassigned      YES manual administratively down down
    FastEthernet0/22       unassigned      YES manual administratively down down
    FastEthernet0/23       unassigned      YES manual administratively down down
    FastEthernet0/24       unassigned      YES manual administratively down down
    GigabitEthernet0/1     unassigned      YES manual down                  down
    GigabitEthernet0/2     unassigned      YES manual down                  down
    Vlan1                  unassigned      YES manual administratively down down
    Vlan2                  unassigned      YES manual down                  up
    Vlan5                  unassigned      YES manual up                    up
    Vlan10                 unassigned      YES manual up                    up
    Vlan20                 unassigned      YES manual up                    up
    Vlan99                 unassigned      YES manual administratively down down

    S2#show interface f0/1 switchport
    Name: Fa0/1
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 2 (native)
    Voice VLAN: none
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk private VLANs: none
    Operational private-vlan: none
    Trunking VLANs Enabled: ALL
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    Protected: false
    Appliance trust: none

    S2#show vlan br
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                    Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                    Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                    Gig0/1, Gig0/2
    2    native                           active
    5                                     active
    10   VLAN0010                         active    Fa0/4
    20   VLAN0020                         active    Fa0/2, Fa0/3
    1002 fddi-default                     active
    1003 token-ring-default               active
    1004 fddinet-default                  active
    1005 trnet-default                    active

    S2#show mac-address-table
              Mac Address Table
    -------------------------------------------
    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
       2    0030.f2c1.94e5    STATIC      Fa0/1
       2    0060.5c83.3401    STATIC      Fa0/1
      10    0002.4ae9.6964    STATIC      Fa0/4
      10    0060.5c83.3401    STATIC      Fa0/1
      20    0009.7c9a.a134    STATIC      Fa0/2

    ----------------------------------------------------------------------------------

    Let me know what I missed here. All connections are made with straight-through cables.

    Cheers

    Josh

    Try removing switchport port-security on S2:

    interface FastEthernet0/1
     no switchport port-security
  • MAB authentication fails on multi-domain port: Authentication result "server dead"

    Hi all

    First of all, I have no experience with the configuration of Cisco switches (about half a year now) but I read loads and loads of documentation.

    I am trying to configure multi-domain authentication (MDA) on our Cisco switches using MAB and am running into something strange. Currently, only MAB is required by my employer.

    Switch = 3560G-48, IOS version 12.2(55)SE1

    RADIUS = FreeRADIUS (version 2.1.10)

    http://www.Cisco.com/en/us/docs/switches/LAN/catalyst3560/software/release/12.2_55_se/configuration/guide/swiosfs.html is my bible

    On port Gi0/29 a Cisco 7961 IP phone is connected, and a laptop is plugged into the phone.

    The switch configuration:

    aaa new-model
    !
    aaa authentication dot1x default group radius
    aaa authorization network default group radius
    aaa accounting delay-start
    aaa accounting dot1x default start-stop group radius
    aaa accounting network default start-stop group radius
    !

    interface GigabitEthernet0/29
     description 235 a
     switchport access vlan 4
     switchport mode access
     switchport voice vlan 2
     load-interval 30
     srr-queue bandwidth share 10 10 60 20
     queue-set 2
     priority-queue out
     authentication event fail retry 0 action authorize vlan 7
     authentication event server dead action authorize vlan 4
     authentication event server alive action reinitialize
     authentication host-mode multi-domain
     authentication port-control auto
     authentication violation restrict
     mab
     auto qos voip cisco-phone
     spanning-tree portfast
     service-policy input AutoQoS-Police-CiscoPhone
    !

    radius-server dead-criteria time 5 tries 5
    radius-server host 10.1.1.24 auth-port 1812 acct-port 1813
    radius-server key 7 xxx
    radius-server vsa send accounting
    radius-server vsa send authentication

    RADIUS response (for the full reply see the attached RADIUS-response.txt):

    Sending Access-Accept of id 98 to 10.1.1.207 port 1645
        Cisco-AVPair = "Tunnel-Type = VLAN"
        Cisco-AVPair = "Tunnel-Medium-Type = 802"
        Cisco-AVPair = "Tunnel-private-Group-ID = 7"
        Cisco-AVPair = "Tunnel-preference.

    So that is an Access-Accept with data VLAN assignment.

    Debugging on the switch :

    001776: *Mar  1 09:27:35.606: mab-ev(Gi0/29): Received MAB context create from AuthMgr
    001777: *Mar  1 09:27:35.606: mab-ev(Gi0/29): MAB authorizing MACAddress
    001778: *Mar  1 09:27:35.606: mab-ev(Gi0/29): Created MAB client context 0x2200000F
    001779: *Mar  1 09:27:35.606:     mab : initial state mab_initialize has enter
    001780: *Mar  1 09:27:35.606: mab-ev(Gi0/29): Sending create new context event to EAP from MAB for 0x2200000F (MACAddress)
    001781: *Mar  1 10:27:35.606 CET: %AUTHMGR-5-START: Starting 'mab' for client (MACAddress) on Interface Gi0/29 AuditSessionID 0A0101CF0000007F0207A4AC
    001782: *Mar  1 09:27:35.606: mab-sm(Gi0/29): Received event 'MAB_CONTINUE' on handle 0x2200000F
    001783: *Mar  1 09:27:35.606:     mab : during state mab_initialize, got event 1(mabContinue)
    001784: *Mar  1 09:27:35.606: @@@ mab : mab_initialize -> mab_authorizing
    001785: *Mar  1 09:27:35.606: mab-ev(Gi0/29): Starting MAC-AUTH-BYPASS for 0x2200000F (MACAddress)
    001786: *Mar  1 09:27:35.614: mab-ev(Gi0/29): MAB received an Access-Reject for 0x2200000F (MACAddress)
    001787: *Mar  1 10:27:35.622 CET: %MAB-5-FAIL: Authentication failed for client (MACAddress) on Interface Gi0/29 AuditSessionID 0A0101CF0000007F0207A4AC
    001788: *Mar  1 09:27:35.622: mab-sm(Gi0/29): Received event 'MAB_RESULT' on handle 0x2200000F
    001789: *Mar  1 09:27:35.622:     mab : during state mab_authorizing, got event 5(mabResult)
    001790: *Mar  1 09:27:35.622: @@@ mab : mab_authorizing -> mab_terminate
    001791: *Mar  1 09:27:35.622: mab-ev(Gi0/29): Deleted credentials profile for 0x2200000F (dot1x_mac_auth_MACAddress)
    001792: *Mar  1 09:27:35.622: mab-ev(Gi0/29): Sending event (2) to AuthMGR for MACAddress
    001793: *Mar  1 10:27:35.622 CET: %AUTHMGR-7-RESULT: Authentication result 'server dead' from 'mab' for client (MACAddress) on Interface Gi0/29 AuditSessionID 0A0101CF0000007F0207A4AC
    001794: *Mar  1 10:27:35.622 CET: %AUTHMGR-5-VLANASSIGN: VLAN 4 assigned to Interface Gi0/29 AuditSessionID 0A0101CF0000007F0207A4AC
    001795: *Mar  1 10:27:36.512 CET: %AUTHMGR-5-SUCCESS: Authorization succeeded for client (MACAddress) on Interface Gi0/29 AuditSessionID 0A0101CF0000007F0207A4AC

    So RADIUS returns an Access-Accept, and the switch treats it as an Access-Reject and then considers the RADIUS server dead.

    Help would be appreciated!

    Chris

    Hi Chris,

    In response to your last post, dynamic VLAN assignment can be achieved with the IETF RADIUS attributes, as per this link:
    http://Tools.Cisco.com/Squish/d1791

    or using the cisco-av pair, as per this link:
    http://Tools.Cisco.com/Squish/8Bd61

    As for using FreeRADIUS and cisco-av pairs: please can you enable the following debugs on the switch and reproduce the problem with a client authentication attempt:
    debug radius
    debug authentication all
    debug authentication feature all

    After the client authentication event, also collect the following from the switch:
    show authentication sessions interface

    I have run into problems with the case of the cisco-av pair. For example, VLAN assignment works when using the lowercase 'tunnel-private-group-id(#81)=vlanid' instead of 'tunnel-private-group-ID(#81)=vlanid'.

    When testing with 'tunnel-private-group-ID(#81)=vlanid', I get an error:

    RADIUS/DECODE: parse unknown cisco vsa "tunnel-private-group-ID" - FAIL

    So follow the 2nd link, with these changes:
    cisco-avpair = "tunnel-type(#64)=VLAN(13)"
    cisco-avpair = "tunnel-medium-type(#65)=802 media(6)"
    cisco-avpair = "tunnel-private-group-id(#81)=vlanid"

    If you still have a question, please include the debug/show output above, which will shed light on the problem.

    Thank you
    Alex
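
The case problem described in the reply above can be caught before a policy reaches the switch. The following is an added example, not part of the original posts: a small linter for the Cisco-AVPair lines of a RADIUS reply. It assumes the lowercase names from the reply are the reference spelling for all three attributes (the reply only reports the case problem for tunnel-private-group-id), and the function name and sample text are constructed for illustration.

```python
import re

# Lowercase names the reply above reports as accepted by the switch.
# Assumption: the same case rule is applied to all three attributes.
EXPECTED = ("tunnel-type", "tunnel-medium-type", "tunnel-private-group-id")

# Matches: Cisco-AVPair = "name(#nn)=value"  (operator may be =, := or +=)
AVPAIR = re.compile(
    r'^\s*cisco-avpair\s*[:+]?=\s*"\s*([A-Za-z-]+)\s*'
    r'(?:\(\s*#\s*\d+\s*\))?\s*=\s*([^"]*)"',
    re.IGNORECASE,
)

def lint_reply(text):
    """Return (case_mismatches, missing, other) for Cisco-AVPair lines in text."""
    seen, mismatches, other = set(), [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = AVPAIR.match(line)
        if not m:
            continue  # not a name=value Cisco-AVPair line
        name = m.group(1)
        if name.lower() in EXPECTED:
            seen.add(name.lower())
            if name != name.lower():
                # Present, but not in the spelling the switch is said to parse.
                mismatches.append((lineno, name, name.lower()))
        else:
            other.append((lineno, name))
    missing = [n for n in EXPECTED if n not in seen]
    return mismatches, missing, other

# Constructed samples modelled on the attributes quoted in this thread.
SAMPLE_BAD = '''
Cisco-AVPair = "Tunnel-Type = VLAN"
Cisco-AVPair = "Tunnel-Medium-Type = 802"
Cisco-AVPair = "Tunnel-private-Group-ID = 7"
'''
SAMPLE_GOOD = '''
Cisco-AVPair = "tunnel-type(#64)=VLAN(13)"
Cisco-AVPair += "tunnel-medium-type(#65)=802 media(6)"
Cisco-AVPair += "tunnel-private-group-id(#81)=7"
'''

if __name__ == "__main__":
    for label, sample in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        mism, missing, other = lint_reply(sample)
        for lineno, name, want in mism:
            print(f"{label}: line {lineno}: '{name}' should be '{want}'")
        print(f"{label}: missing={missing} other={other}")
```
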
