Networking
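Need help getting dynamic VLAN assignment working with RADIUS and Dell PowerConnect 3524
I am trying to get dynamic VLAN assignment working on a number of Dell PowerConnect 3524 switches.
I have two RADIUS servers, both of which I have proven to be working using radtest on Linux.
One of the servers (priority 0) is hosted on the network management VLAN (TekRADIUS running on Windows), and the second (priority 1) is on another VLAN (FreeRADIUS on Linux).
However, I cannot seem to convince the switch to actually authenticate against either RADIUS server.
Network communication between the switch and the RADIUS servers has been verified using ping from the switch CLI.
My switch configuration is below; can anyone spot anything I have missed?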
interface range ethernet all
spanning-tree portfast
exit
interface range ethernet e(1-24)
dot1x multiple-hosts authentication
exit
interface ethernet g1
switchport mode trunk
exit
vlan database
vlan 2-5,9-11
exit
interface ethernet g1
switchport trunk allowed vlan add 2
exit
interface ethernet g1
switchport trunk allowed vlan add 3
exit
interface ethernet g1
switchport trunk allowed vlan add 4
exit
interface ethernet g1
switchport trunk allowed vlan add 5
exit
interface ethernet g1
switchport trunk allowed vlan add 9
exit
interface ethernet g1
switchport trunk allowed vlan add 10
exit
interface ethernet g1
switchport trunk allowed vlan add 11
exit
interface vlan 2
name netman
exit
interface vlan 3
name lt-sys
exit
interface vlan 4
name pub-sys
exit
interface vlan 5
name lt-clients
exit
interface vlan 9
name lt-voip
exit
interface vlan 10
name lt-print
exit
interface vlan 11
name lt-wifi
exit
dot1x system-auth-control
interface range ethernet e(1-24)
dot1x radius-attributes vlan
exit
interface range ethernet e(1-24)
dot1x port-control auto
exit
interface vlan 2
ip address 10.58.2.7 255.255.255.0
exit
hostname sw-3-1
radius-server host 10.58.2.128 key switch usage dot1.x
radius-server host 10.58.3.132 key switch priority 1 usage dot1.x
aaa authentication dot1x default radius
username bryan password password-hash-was-here level 15 encrypted
ip domain-name liketechnologies.local
ip name-server 10.58.3.32 10.58.3.33
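I have now (or mostly) managed to solve this. Ports are correctly assigned to VLANs as a result of RADIUS authentication, but for some reason no other traffic is forwarded after the device has been assigned an IP address by our DHCP server.
I have probably just got my VLAN routing wrong, or I am not passing VLAN traffic correctly on the trunk ports.
For anyone else who finds this via Google, my (mostly) working configuration is below: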
interface range ethernet all
spanning-tree portfast
exit
interface range ethernet e(1-24)
dot1x multiple-hosts authentication
exit
interface range ethernet g(1-4)
switchport mode trunk
exit
vlan database
vlan 2-6,9-11
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 2
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 3
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 4
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 5
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 6
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 9
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 10
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 11
exit
interface vlan 2
name netman
exit
interface vlan 3
name lt-sys
exit
interface vlan 4
name pub-sys
exit
interface vlan 5
name lt-clients
exit
interface vlan 6
name guest
exit
interface vlan 9
name lt-voip
exit
interface vlan 10
name lt-print
exit
interface vlan 11
name lt-wifi
exit
interface vlan 6
dot1x guest-vlan
exit
dot1x system-auth-control
interface range ethernet e(1-24)
dot1x re-authentication
exit
interface range ethernet e(1-24)
dot1x max-req 3
exit
interface range ethernet e(1-24)
dot1x mac-authentication mac-and-802.1x
exit
interface range ethernet e(1-24)
dot1x radius-attributes vlan
exit
interface range ethernet e(1-24)
dot1x port-control auto
exit
interface range ethernet e(1-24)
dot1x guest-vlan enable
exit
interface vlan 2
ip address 10.58.2.99 255.255.255.0
exit
hostname sw-1-2
radius-server host 10.58.2.128 key switch priority 2
radius-server host 10.58.3.132 key switch priority 1
aaa authentication dot1x default radius
username bryan password password-hash-was-here level 15 encrypted
clock source sntp
sntp server 10.58.3.128 poll
ip domain-name liketechnologies.local
ip name-server 10.58.3.32 10.58.3.33
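
The trunk suspicion raised in the answer above can be checked mechanically. The following Python is an added example, not part of the original post: it audits a PowerConnect-style configuration for the 802.1X/RADIUS commands both posted configurations use, and reports any VLAN in the VLAN database that no trunk carries. The function names `expand` and `audit`, the sample input, its 192.0.2.10 address and its EXAMPLE-KEY value are all constructed for illustration.

```python
import re

REQUIRED = [  # commands both configs above use for RADIUS-driven VLAN assignment
    "dot1x system-auth-control",
    "aaa authentication dot1x default radius",
    "dot1x radius-attributes vlan",
    "dot1x port-control auto",
    "radius-server host",
]

def expand(spec):
    """Turn a VLAN list such as '2-6,9-11' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config):
    """Return findings for a config given flattened or one command per line."""
    text = " ".join(config.split())  # normalise whitespace so both layouts parse alike
    findings = [f"missing: {cmd}" for cmd in REQUIRED if cmd not in text]
    m = re.search(r"vlan database vlan ([\d,-]+)", text)
    defined = expand(m.group(1)) if m else set()
    trunked = set()
    for spec in re.findall(r"switchport trunk allowed vlan add ([\d,-]+)", text):
        trunked |= expand(spec)
    # A VLAN handed out by RADIUS but absent from every trunk leaves the port
    # authenticated yet unable to reach anything beyond the local switch.
    for vlan in sorted(defined - trunked):
        findings.append(f"vlan {vlan} is defined but not allowed on any trunk")
    return findings

# Constructed sample, not either posted config: VLAN 6 is left off the trunk and
# 'dot1x radius-attributes vlan' is omitted, so two findings are expected.
SAMPLE = (
    "interface range ethernet g(1-4) switchport mode trunk exit "
    "vlan database vlan 2-6 exit "
    + "".join(f"interface range ethernet g(1-4) switchport trunk allowed vlan add {v} exit "
              for v in (2, 3, 4, 5))
    + "dot1x system-auth-control "
    "interface range ethernet e(1-24) dot1x port-control auto exit "
    "radius-server host 192.0.2.10 key EXAMPLE-KEY "
    "aaa authentication dot1x default radius"
)

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

The trunk check only covers the switch being audited; the uplink switch and the router for each VLAN need the same VLANs configured on their side.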