SG300-28 Firmware 1.1.2.0 and 1.2.7.76 - Dynamic VLAN+freeRADIUS - Client get rejected

Similar Messages

• Managed subnet and dynamic vlans

  Hi all,
  I have confusion with managed subnet, we have 3 untrusted vlans, 9 trusted vlans and 3 separate vlans for vlan mapping. all vlans have different ip subnets, but untrusted vlans don’t have ip subnet, it will another vlan’s ip subnet so which vlan and which subnet ip should  I use for managed subnet?
  Here is the detail of vlan and ip
  Untrusted vlan               
  101      for floor 1         
  102     for floor 2              
  103 for floor    3               
  We have separate vlan for vlan mapping
  101 <-> 901            (172.30.1.0/24)
  102 <-> 902         (172.30.2.0/24)
  103 <-> 903         (172.30.3.0/24)
  In the initial phase untrusted client should get 172. 30.X.X range ip address from dhcp and for trusted clients they should get the ip address as per the trusted vlans as follows
  Trusted Vlan                              (ip subnet)
  501     for floor 1 sales dept     (192.168.1.0/24)     
  502     for floor 2 sale dept           (192.168.2.0/24)
  503    for floor 3 sales dept        (192.168.3.0/24)
  601 for floor 1 mkt dept          (192.168.4.0/24)
  602  for floor 2 mkt dept        (192.168.5.0/24)
  603 for floor 3 mkt dept        (192.168.6.0/24)
  701 for floor 1  admin dept      (192.168.7.0/24)
  702 for floor 2 admin dept      (192.168.8.0/24)
  703 for floor 3 admin dept     (192.168.9.0/24)
  And I need to configure dynamic vlan for all users. E.g. if user is from sales department and login from floor 1 trusted vlan should be 501 and if this user login from floor 2 then trusted vlan should be 502. Can anyone give me the configuration sample or ideas for this scenario?
  Thank you

  Laxman,
  Your managed subnets should be the IP range of 172.30.x.y (where y is a valid number and NOT the network number, i.e.0 or 255) with a VLAN tag of 101, 102 or 103.
  For ensuring that the VLANs translate properly according to where your users are, you can assing named VLANs in the role-based VLAN config screens. Make sure the case matches as you define them on the switch and CAM. So this way if a user is on first floor and his role-based assigned VLAN is Sales, it will translate to 501, etc
  HTH,
  Faisal

• WRT54GS - Updated my firmware to v1.52.8 and now it's extremely slow _

  Hi there, I decided to update my router firmware for the first time since I bought the thing 6 years ago. Before I updated the firmware I had an average ping to google.ca of 40ms, I am literally 2 feet from my router with an unobstructed view. Since the update to  v1.52.8 my ping to google.ca has jumped to 100ms. I've been testing this out all day to see if it was just a busy time of day but 8 hours later it's still the same. I played around with all the different frequencies, auto mtu, different manual mtu (1000-1500), different security settings (WPA2 is still the best) but to no avail.
  PLEASE can someone help me revert back to the original firmware
  I have searched high and low but can't find anything, thanks.
  Ben

  Ben88 wrote:
  Hi there, I decided to update my router firmware for the first time since I bought the thing 6 years ago. Before I updated the firmware I had an average ping to google.ca of 40ms, I am literally 2 feet from my router with an unobstructed view. Since the update to  v1.52.8 my ping to google.ca has jumped to 100ms. I've been testing this out all day to see if it was just a busy time of day but 8 hours later it's still the same. I played around with all the different frequencies, auto mtu, different manual mtu (1000-1500), different security settings (WPA2 is still the best) but to no avail.
  PLEASE can someone help me revert back to the original firmware
  I have searched high and low but can't find anything, thanks.
  Ben
  Hi Ben88, I don't think it's possible to downgrade the firmware to your old one. I also think that it is not safe. 

• My 3gs wont restore after ios 5 update. I have tried firmware restore and restore from backup, neither works. All I get is "iphone restore failed because backup session failed" Any ideas on how to make a successful restore with this ios 5 update?

  My 3gs wont restore after ios 5 update. I have tried firmware restore and restore from backup, neither works. All I get is "iphone restore failed because backup session failed" Any ideas on how to make a successful restore with this ios 5 update?

  I was having the same problem, I backed up my phone and then updated to iOS 5 and then it kept telling me it could not restore from my backup as it had failed.  After reading a bunch of forums and posts and trying everything, I did manage to get it to work.  I had tried the Time zone, creating a new computer user account, disabling anti-virus, etc.
  It took a combination of things, one of which was disabling the anti-virus completely and copying the contents of the backup folder to my desktop and then deleting everything in the backup folder.  Then I rebooted the PC, entirely disabled the anti-virus, copied the one backup I wanted to restore from the desktop to the backup folder and then trying to restore.  Low and behold the phone said restoring from backup and I am back in business, so when in doubt, trying combining some of the fixes together.

• Dynamic VLAN assignment on SG300

  Cisco documentation states that dynamic vlan assignment via RADIUS should provide the following IETF values:
  The RADIUS user attributes used for the VLAN ID assignment are:
  IETF 64 (Tunnel Type)—Set this to VLAN.
  IETF 65 (Tunnel Medium Type)—Set this to 802
  IETF 81 (Tunnel Private Group ID)—Set this to VLAN ID
  I have done so with an Aruba Clearpass RADIUS server - but the Access-Accept message being sent below:
  Radius:IETF:Tunnel-Medium-Type     6
  Radius:IETF:Tunnel-Private-Group-Id     4
  Radius:IETF:Tunnel-Type     13
  is being received by the SG300 in some way that's not being interpreted correctly. Log files indicate that the IETF values are not what is expected:
  07-Aug-2014 18:58:41 :%SEC-W-SUPPLICANTUNAUTHORIZED: username teststudent with MAC 00:11:25:d8:42:83 was rejected on port gi2 because Radius accept message does not contain VLAN ID
  07-Aug-2014 18:58:41 :%AAAEAP-W-RADIUSREPLY: Invalid attribute 65 ignored - tag should be 0
  07-Aug-2014 18:58:41 :%AAAEAP-W-RADIUSREPLY: Invalid attribute 64 ignored - tag should be 0
  Is there something I'm missing here? These same values sent by the Clearpass RADIUS server are working for other switches such as Extreme and Brocade.
  Thanks,
  Aaron

  Hi Aleksandra,
  Here are the values from a packet capture of the Access-Accept message:

• Dynamic VLAN assignment and Layer 3 switching on 300 series

  I have a SG300-28P switch. I just read in the Administration Guide that, when in Layer 3 mode, the switch doesn't support MAC-based VLAN or Dynamic VLAN Assignment.
  So, in order to assign a client to a VLAN based on their MAC or based on the response of a RADIUS server, we have to disable layer 3 features. Without layer 3 switching, the switch is unable to act as a default gateway and forward packets between VLANs. As a result, the VLANs can't communicate in any way, or access the internet, unless a separate router is connected to every VLAN. Right?
  I'm new to VLAN configuration and layer 3 switching so I wanted to check my understanding. Doesn't this limitation significantly reduce the usefulness of the DVA feature?
  I may well be confused and missing something regarding how this is typically used..

  Hello Glenn,
  Your concept about packet forwarding is correct. With a layer 2 switch, there must be something directing traffic with multiple subnets for intervlan communication or something that provides an IP route to give the request a path back for the request.
  The usefulness for the DVA feature, is not particularly limited to the switch as the switch will correctly assign the VLAN for you, as VS the L3 switch mode, you're dealing with IP addresses. In any scenario, you're going to require a router to get to the internet since the switch does not support NAT.
  Additionally, if you're router does not support VLAN, the L3 switch feature would still be the solution since you should be able to make a static route pointing back to the switch to allow any subnet to traverse the single media. It would still beg the question, how to assign VLAN dynamically.
  The answer, although (in my opinion is terrible) would be GVRP.  But, this application would require ALL of your network cards to be GVRP Enable / Capable which most likely is not the scenario for you (or most anyone else for that matter).

• Radius assign dynamic Vlan and linksys switch

  Hi ,
  I ressently attented to deploid a Radius Authentification with a vlan assigment , i tought it was possible because my switch was 802.1x capable.
  After test , and double check of my configuration i've came to the conclusion that the SRW switch series aren't not influenced by 802.1x vlan options.
  I just wanted to have a feed-back about this ?
  And also , is there a other linksys switch that's capable of allowing vlan this way ?
  Thanks for your reply's 
  Message Edited by tin-tin on 03-26-2009 07:51 AM

  You should post which switch you have exactly. Firmwares within the SRW series varies a lot.
  As far as I know support for RADIUS asssigned VLANs is not compulsory in 802.1x.
  I can tell you that the SRW2008 does not support RADIUS assigned VLANs. So far I have never read of any Linksys switch supporting it but I cannot tell you from first hand experience except for the SRW2008.
  If I need RADIUS assigned VLANs I usually get a Cisco or other brand switch.

• I am having macbook air recently my iphotos did not open and was showing report apple and reopen but i came to know that by pressing alt and iphotos i open an new photo library and stored the pics but now how can i get the pics which i had in the earlier

  i am having macbook air recently my iphotos did not open and was showing report apple and reopen but i came to know that by pressing alt and iphotos i open an new photo library and stored the pics but now how can i get the pics which i had in the earlier photo please help me to recover my photos

  Well I'll guess you're using iPhoto 11:
  Option 1
  Back Up and try rebuild the library: hold down the command and option (or alt) keys while launching iPhoto. Use the resulting dialogue to rebuild. Choose to Repair Database. If that doesn't help, then try again, this time using Rebuild Database.
  If that fails:
  Option 2
  Download iPhoto Library Manager and use its rebuild function. (In early versions of Library Manager it's the File -> Rebuild command. In later versions it's under the Library menu.)
  This will create an entirely new library. It will then copy (or try to) your photos and all the associated metadata and versions to this new Library, and arrange it as close as it can to what you had in the damaged Library. It does this based on information it finds in the iPhoto sharing mechanism - but that means that things not shared won't be there, so no slideshows, books or calendars, for instance - but it should get all your events, albums and keywords, faces and places back.
  Because this process creates an entirely new library and leaves your old one untouched, it is non-destructive, and if you're not happy with the results you can simply return to your old one.  
  Regards
  TD

• I downloaded the new 6 software. Me and my boyfriend share the same iTunes account and now every time I text him I also get a copy of the text sent to my from my number. How do I get that to stop?

  I downloaded the new 6 software. Me and my boyfriend share the same iTunes account and now every time I text him I also get a copy of the text sent to my from my number. How do I get that to stop?

  Go to settings > messages > send & receive
  check or uncheck the correct phones numbers and/or email addresses

• I just tried to install the 11.4 update (or whichever one is the most recent update as of 1/26/2014) and when it failed i tried to install manually and now whenever i try to use it, i get the following error: the application has failed to start because MS

  i just tried to install the 11.4 update (or whichever one is the most recent update as of 1/26/2014) and when it failed i tried to install manually and now whenever i try to use it, i get the following error: "The application has failed to start because MSVCR80.dll was not found. Re-installing the application may fix this problem." Right after i click ok i then get this error: "Itunes was not installed correctly. Please reinstall Itunes. Error 7 (Windows error 126)." I tried to uninstall Itunes and then reinstall the 11.03 version but that didnt work either. I want to know if i copy all of the music in my itunes folder to an external without consolidating can i still transfer all my itunes music from my current windows xp pc to a brand new one and have my current itunes library in my new pc? Basically i just want to know 3 things: What exactly does consolidating the itunes library do? Can i copy, paste, and transfer my itunes library to an external and from there to a new pc? Will i be able to transfer my itunes library without consolidating the files?

  I have found a temporary solution, allowing the previous version of iTunes (v. 11.1.3 (x64) in my case) to be re-installed.  It will allow you to re-establish use of iTunes until the Apple software engineers fix the most recent disasterous upgrade (v. 11.1.4).  Please see and follow the procedure in the following article:http://smallbusiness.chron.com/reverting-previous-version-itunes-32590.html   The previous version works beautifully.

• HT5055 Just updated to lion and my cctv access has stopped functioning all I get is a white screen in the middle of the control panel where the camera shots should be.  I think it is caused by JAVA but am confused as when i view on snow leopard it works 

  Just updated to lion and my cctv access has stopped functioning all I get is a white screen in the middle of the control panel where the camera shots should be.  I think it is caused by JAVA but am confused as when i view on snow leopard it works  can you help

  Open "Java Preferences" either from spotlight or your utilities folder...it's probably going to say you need to install a java runtime. Then just click install!

• Tried to reinstall OSX Mountain Lion 10.8.4 and every time i start with the installation i get a requested time out message, had to shut down my MacBook Pro retina. Now when i start up it automatically start internet recovery

  tried to reinstall OSX Mountain Lion 10.8.4 and every time i start with the installation i get a requested time out message, had to shut down my MacBook Pro retina. Now when i start up it automatically start internet recovery for two ouers. After the internet recovery the same problem with reinstalling OSX message

  Gave up on the GUI.  This script derived from http://blog.netnerds.net/2012/07/os-x-how-to-setup-nat-on-lion-and-mountain-lion / seems to work for me:
  gwdev=en0 # This is my WiFi connection (has Internet connection)
  targetdev=en1 # This is the USB to Ethernet adapter (to give Internet connection)
  /sbin/ifconfig $targetdev down
  /sbin/ifconfig bridge0 create
  /sbin/ifconfig bridge0 up
  /sbin/ifconfig bridge0 addm $gwdev
  /sbin/ifconfig bridge0 $HOST_ADDR
  /sbin/route add default -interface bridge0 -ifscope bridge0 -cloning
  /usr/sbin/sysctl -w net.inet.ip.forwarding=1
  /sbin/ipfw add 100 divert natd ip from any to any via $gwdev
  /usr/sbin/natd -interface $gwdev -use_sockets -same_ports -unregistered_only -dynamic -clamp_mss -enable_natportmap -natportmap_interface $targetdev

• I have a new ipad and everything works but can't connect to the app store. Itunes works and the wifi seems to be working but i get a blank white screen when i open the appstore.Nothing will load unter the features or charts tab. Any Suggestions?

  I have a new ipad and everything works but can't connect to the app store. Itunes works and the wifi seems to be working but i get a blank white screen when i open the appstore. Nothing will load unter the features or charts tab so i cant download any apps. Purchased and updates tab loads fine. Any suggestions?

  You would get better response from the iTunes community forum.
  Have a nice day!

• I have an iPod Touch version 4.2.1, and whenever iTunes tries to sync my iPod, I get an error message saying "Mobile Backup has encountered a problem and needs to close", and the sync fails.  What can I do to fix this problem?

  I have an iPod Touch version iOS 4.2.1, 8 G capacity, and whenever iTunes tries to sync my iPod, I get an error message saying "Mobile Backup has encountered a problem and needs to close", and the sync fails.  I have tried deleting and reinstalling iTunes, and the same thing happens.  What can I do to fix this problem?

  Try:
  iOS: If you can't back up or restore from a backup in iTunes

• TS2755 I have 2 phones on my apple id acct. And when I text message that person I am getting a duplicate message to myself. How do I stop this from happening

  I have 2 phones attached to my apple ID account and when I text message that person, I am getting a duplicate message sent back to me.  How do I stop this from happening?

  Make 3 different iCloud accounts and use ONLY for iMessage.   That will permanently fix your issue.