Posted on March 29, 2019 10:57 pm
 |  Asked by Jair Real
Print Friendly, PDF & Email

I would like to source all dot1x authentication requests for ports in the default/root vrf in a 7010T-48 Arista switch using the Management interface which is part of a separate VRF named Mgmt.

If I source a ping using the command “ping vrf Mgmt ” it is reachable 100% of the time, but authentication requests never make it to the radius server.

If I move the Management interface back to the default/root VRF (basically remove the command “vrf forwarding Mgmt” from the management interface”, then dot1x requests make it to the Radius server.

Does anyone know if this is a supported use/scenario? Or will I need to create a loopback interface or an SVI to source radius packets from the default/root vrf for dot1x auth requests?

Posted by Yagna Siriki
Answered on March 29, 2019 11:14 pm


Did you specify vrf in radius configuration?

radius-server host vrf key

I can reach radius server through management vrf.

Post your Answer

You must be logged in to post an answer.