
Unsolved


August 28th, 2014 09:00

set native vlan on pc 3548p port

I am trying to configure a port on a 3548p to be untagged on VLAN 20. I have a VoIP gateway that is not VLAN aware and I am using VLAN 20 for my voice services. I currently have the VLAN defined and the port set to general mode with a PVID of 20, but the device is not accessing VLAN 20. If I change the PVID to 1 with VLAN 20 port membership set to tagged and then put a VLAN-aware device and test, it works as expected and I have access to the VLAN. But remove the tagging and set the PVID to 20 and it doesn't work. If I try to alter the VLAN membership to port assigned to VLAN 20 untagged, I get an error 'cannot assign port e44 to unauthenticated vlan 20'. Can someone please tell me what I am doing wrong? if

5 Practitioner • 274.2K Posts

August 28th, 2014 11:00

From the CLI have you tried entering this command?

Console(config)# interface ethernet 1/e16 (change to whichever interface is needed)

Console(config-if)# switchport mode access

Console(config-if)# switchport access vlan 20

Then attempt the connection again.

If you plug in a device with a static IP address in the VLAN 20 subnet, is it able to ping the DHCP server?

5 Practitioner • 274.2K Posts

August 28th, 2014 12:00

When you set the port to general mode with a pvid of 20, any untagged frames being received on that port will be sent to VLAN 20. So with a PVID of 20 there is no need to add VLAN 20 untagged.

Since it will let you set the port to general mode with a PVID of 20, let's set the port to that mode. Then connect a workstation with a static IP address and see if you can ping devices on VLAN 20.

Are you able to set the port to access mode for another VLAN? Just a random test VLAN.

6 Posts

August 28th, 2014 12:00

So if the port is in access mode, I can't assign VLAN 20 to it as the default. If it is in general mode, and I set the PVID to 20, I can't add the port as an untagged member of VLAN 20. If I leave the PVID as 1, then I can add the port as a tagged member of VLAN 20, but not an untagged member.

6 Posts

August 28th, 2014 12:00

When I first tried these commands, I got a 'Port 1/e44: Port does not belong to PVID VLAN as untagged' error. I then tried changing the port membership to VLAN 20 to untagged and got 'Port 1/e44 belongs to wrong number of vlans'. I then removed the membership to VLAN 20. Then ran again and got 'Untagged port 1/e44 can not be added to Unauthenticated Vlan 20'.

5 Practitioner • 274.2K Posts

August 28th, 2014 13:00

10.10.70.x is your VLAN 20 subnet?

Is port-based authentication enabled on the switch? If so, let's try disabling it.

Can you post up the running config from the switch? We can look through it for any suggested changes.

6 Posts

August 28th, 2014 13:00

OK, I set port 1/e44 to general mode with a PVID of 20. I set the NIC on my laptop to a static IP of 10.10.70.25, subnet mask 255.255.255.0, default gateway of 10.10.70.1 (which is the firewall). I connected to port 44 on the switch. Tried to ping the gateway, the DHCP server. Nada. No response.

I then created a new VLAN 200. Ran config, interface ethernet 1/e30 (port not in use). Then switchport mode access, switchport access vlan 200. Got the same error 'Port 1/e30 cannot be added to unauthenticated vlan 200'.

But if I plug in the 5-port D-Link managed switch that I have configured with ports 1, 2, 3 with a PVID of 20, when I uplink that to an open port (configured as general with VLAN 1 untagged and VLAN 20 tagged) on the same 3548p switch, everything behaves as expected. A PC plugged into that switch gets DHCP from VLAN 20, can ping the default gateway and DHCP server, and can browse the internet.

5 Practitioner • 274.2K Posts

August 28th, 2014 14:00

Thanks for posting that up. Did some more reading on the unauthenticated VLAN.

  • An access port cannot be a member in an unauthenticated VLAN.
  • The native VLAN of a trunk port cannot be an unauthenticated VLAN.
  • For a general port, the PVID can be an unauthenticated VLAN (although only tagged packets are accepted in the unauthorized state).

This would explain the behavior and messages being seen. Let's try reverting the authentication using this command.

# no dot1x auth-not-req

Then on port 44 place the port into force-authorized mode.

Console(config)# interface ethernet 1/e44
Console(config-if)# dot1x port-control force-authorized

And see if we can get the traffic to flow. Here is a KB article on a 6024 switch that outlines some details about authenticated and unauthenticated.

http://www.dell.com/downloads/global/products/pwcnt/en/config_auth_unauth_vlan.pdf

 

Keep us posted,
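The three unauthenticated-VLAN rules listed in the reply above can be checked against a configuration before it is applied. The following is an added example, not part of the original thread or any Dell tooling: the `audit` and `expand` helpers and the sample config are constructed for illustration, interface ranges are treated as a single label rather than expanded, and the `switchport trunk native vlan` pattern is included on the assumption that the switch uses that command form.

```python
import re

# Constructed sample in the style of the running-config posted in this thread.
SAMPLE = """\
interface ethernet 1/e44
switchport general pvid 20
exit
interface ethernet 1/e30
switchport access vlan 200
exit
interface ethernet 1/e12
switchport general pvid 1
exit
interface range vlan 20,30,200
dot1x auth-not-req
exit
"""

# Commands that decide which VLAN receives a port's untagged frames.
UNTAGGED = re.compile(r"switchport (general pvid|access vlan|trunk native vlan) (\d+)")

def expand(vlans):
    """Expand a VLAN list such as '20,30,200-202' into a set of ints."""
    out = set()
    for part in vlans.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(config):
    """Return sorted (port, command, vlan) where the untagged VLAN is unauthenticated."""
    unauth, untagged, ctx = set(), [], None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            ctx = line.split()[1:]            # e.g. ['ethernet', '1/e44']
        elif line == "exit":
            ctx = None
        elif ctx and "vlan" in ctx and line == "dot1x auth-not-req":
            unauth |= expand(ctx[-1])         # VLANs marked unauthenticated
        elif ctx and "ethernet" in ctx:
            m = UNTAGGED.fullmatch(line)
            if m:
                untagged.append((ctx[-1], m.group(1), int(m.group(2))))
    # The VLAN blocks may follow the port blocks, so compare only after the full pass.
    return sorted(f for f in untagged if f[2] in unauth)

if __name__ == "__main__":
    for port, command, vlan in audit(SAMPLE):
        print(f"{port}: '{command} {vlan}' points untagged traffic at unauthenticated VLAN {vlan}")
```

A port reported with `general pvid` matches the situation in this thread: the switch accepts the setting, but per the third rule only tagged packets are accepted in the unauthorized state.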

6 Posts

August 28th, 2014 14:00

I attached the running-config.txt file.  I sanitized it but all of the relevant info should still be there.  Any info at this point would be helpful.


6 Posts

August 28th, 2014 14:00

OK, I had tried to switch to rich text so I could put the config in as an attachment, but that didn't seem to work. So I will have to look like a n00b and paste it into the body here.

SwitchRack4# show running-config

spanning-tree mode rstp

interface port-channel 1

description FromSwitch1

exit

bridge multicast filtering

interface port-channel 1

switchport mode general

exit

interface port-channel 2

switchport mode general

exit

interface port-channel 3

switchport mode general

exit

interface port-channel 4

switchport mode general

exit

interface port-channel 5

switchport mode general

exit

interface port-channel 6

switchport mode general

exit

interface port-channel 7

switchport mode general

exit

interface port-channel 8

switchport mode general

exit

interface range ethernet 1/e(1-29,31-48),1/g(1-2),2/e(1-48),2/g(1-2)

switchport mode general

exit

vlan database

vlan 20,30,200

exit

interface ethernet 1/e44

switchport general pvid 20

exit

interface range ethernet 1/e(1-29,31-35,37-43,45-46),1/g(1-2),2/e(47-48),2/g(1-2)

switchport general allowed vlan add 20

exit

interface range port-channel (1-8)

switchport general allowed vlan add 20

exit

interface range ethernet 1/e(1-29,31-33,35,37-43),1/g(1-2),2/e(1-48),2/g(1-2)

switchport general allowed vlan add 30

exit

interface range port-channel (1-8)

switchport general allowed vlan add 30

exit

interface vlan 20

name XOPBX

exit

interface vlan 30

name "TX Guest Wireless"

exit

interface vlan 200

name test

exit

interface range vlan 20,30,200

dot1x auth-not-req

exit

voice vlan oui-table add 0001e3 Siemens_AG_phone________

voice vlan oui-table add 00036b Cisco_phone_____________

voice vlan oui-table add 00096e Avaya___________________

voice vlan oui-table add 000fe2 H3C_Aolynk______________

voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone

voice vlan oui-table add 00d01e Pingtel_phone___________

voice vlan oui-table add 00e075 Polycom/Veritel_phone___

voice vlan oui-table add 00e0bb 3Com_phone______________

interface range ethernet 1/e(47-48)

channel-group 1 mode on

exit

interface ethernet 1/e44

gvrp vlan-creation-forbid

exit

ip igmp snooping

interface vlan 1

ip igmp snooping

ip igmp snooping mrouter learn-pim-dvmrp

ip igmp snooping host-time-out 260

ip igmp snooping mrouter-time-out 300

ip igmp snooping leave-time-out 10

exit

interface ethernet 1/e47

lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy

exit

interface ethernet 1/e48

lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy

exit

interface vlan 1

ipv6 enable no-autoconfig

ipv6 address fdf4:3532:29fc:ad09::a0a:ad6/64

exit

interface vlan 1

ip address 10.10.10.214 255.255.255.0

exit

ip default-gateway 10.10.10.1

qos trust dscp

qos map dscp-queue 46 to 4

interface range ethernet 1/e(1-9,11-46)

qos cos 6

exit

hostname SwitchRack4

interface ethernet 1/e19

rmon collection history 1 owner belwellphone

exit

logging 10.10.10.218 facility local4 severity warnings

aaa authentication dot1x default none

clock timezone -6

clock summer-time recurring usa

clock source sntp

sntp client poll timer 720

sntp unicast client enable

sntp unicast client poll

sntp anycast client enable

sntp broadcast client enable

sntp server 10.10.10.225 poll

ip domain-name idibri.com

ip name-server  10.10.10.225

interface range ethernet 1/e(47-48)

lldp management-address 10.10.10.214

exit

snmp-server set rlEventsDeleteEvents  rlEventsDeleteEvents 1

Default settings:

SW version 2.0.0.53 (date  08-Oct-2013 time  10:47:12)

Fast Ethernet Ports

==========================

no shutdown

speed 100

duplex full

negotiation

flow-control off

mdix auto

no back-pressure

Gigabit Ethernet Ports

=============================

no shutdown

speed 1000

duplex full

negotiation

flow-control off

mdix auto

no back-pressure

interface vlan 1

interface port-channel 1 - 15

spanning-tree

spanning-tree mode STP

qos basic

qos trust cos

No Events found!
