ExtremeSwitching (EXOS)

 View Only
  • 1.  NETLOGIN MAC BASE

    Posted 01-07-2014 21:59
    Create Date: Mar 5 2013 9:02AM

    HELLO,

    can some one help me about NETLOGIN MAC BASE authentication configuration and sceanrio. i want to authenticate my 10 host laptop mac address
    in local radius as extreme switch.please share configuration and and how host are authenticated.

    i have tried with below config.

    here is my config:

    configure netlogin vlan nlvlan
    enable netlogin mac
    enable netlogin ports 4 mac
    configure netlogin ports 4 mode port-based-vlans
    configure netlogin ports 4 no-restart
    configure netlogin add mac-list 88??1d:2a:8b:32 48 ports 4
    (from keshab_maharjan)


  • 2.  RE: NETLOGIN MAC BASE

    Posted 01-07-2014 21:59
    Create Date: Mar 5 2013 2:22PM

    Have you created a MAC entry in the local database?

    you can do it by running the commmand:

    create netlogin local-user "88AE1D28B32" ## hit enter, it will prompt you for a password. Put the same MAC address again as a password.

    Let us know how it goes from there. (from ethernet)


  • 3.  RE: NETLOGIN MAC BASE

    Posted 01-07-2014 21:59
    Create Date: Mar 6 2013 6:12AM

    Thanks for reply.

    i have configured netlogin user like you said.
    create netlogin local-user "88AE1D28B32

    but when i checked

    * X250e-24tdc.16 # sh netlogin port 4
    Port : 4
    Port Restart : Disabled
    Allow Egress : None
    Vlan : nlvlan
    Authentication : mac-based
    Port State : Enabled
    Guest Vlan : Disabled
    Auth Failure Vlan : Disabled
    Auth Service-Unavailable Vlan : Disabled

    MAC IP address Authenticated Type ReAuth-Timer User
    88??1d:2a:8b:32 0.0.0.0 No MAC 0
    -----------------------------------------------
    (B) - Client entry Blackholed in FDB

    could you please guide me regarding how mac address are authenticated.

    Thanks
    (from keshab_maharjan)


  • 4.  RE: NETLOGIN MAC BASE

    Posted 01-07-2014 21:59
    Create Date: Mar 6 2013 5:56PM

    Try to force the switch to take the local database for MAC addresses by running the command:

    configure netlogin mac authentication database-order local

    Let us know if this works. (from ethernet)


  • 5.  RE: NETLOGIN MAC BASE

    Posted 01-07-2014 21:59
    Create Date: Mar 7 2013 5:48AM

    please get my full config..

    configure netlogin vlan vlan_10
    enable netlogin mac
    configure netlogin mac authentication database-order local
    enable netlogin ports 4 mac
    configure netlogin ports 4 mode port-based-vlans
    configure netlogin ports 4 no-restart
    configure netlogin add mac-list 88??1d:2a:8b:32 48 ports 4
    ##########################################
    X250e-24tdc.19 # sh netlogin port 4
    Port : 4
    Port Restart : Disabled
    Allow Egress : None
    Vlan : vlan_10
    Authentication : mac-based
    Port State : Enabled
    Guest Vlan : Disabled
    Auth Failure Vlan : Disabled
    Auth Service-Unavailable Vlan : Disabled

    MAC IP address Authenticated Type ReAuth-Timer User
    88??1d:2a:8b:32 0.0.0.0 No MAC 0
    -----------------------------------------------
    (B) - Client entry Blackholed in FDB
    ########################################------------------------------------------------
    MAC Mode Global Configuration
    ------------------------------------------------

    MAC Address/Mask Password (encrypted) Port(s)
    -------------------- ------------------------------ ------------------------
    88:AE:1D:2A:8B:32/48


  • 6.  RE: NETLOGIN MAC BASE

    Posted 01-07-2014 21:59
    Create Date: Mar 7 2013 2:52PM

    I actually ran into an issue with case-sensitivity before. Remove the command:
    configure netlogin add mac-list 88??1d:2a:8b:32 48 ports 4

    by running the command:
    configure netlogin add mac-list 88:AE:1D:2A:8B:32 48 ports 4

    Also, the username and password in the create netlogin local-user command, make sure those are uppercase too.

    Hopefully, that is what is the last command that is missing from the switch. (from ethernet)


  • 7.  RE: NETLOGIN MAC BASE

    Posted 01-07-2014 21:59
    Create Date: Mar 11 2013 5:06AM

    same thing... after configuring with upper case

    configure netlogin add mac-list 88:AE:1D:2A:8B:32 48 ports 4 and netlogin local-user..
    * X250e-24tdc.40 # sh netlogin port 4
    Port : 4
    Port Restart : Disabled
    Allow Egress : None
    Vlan : vlan_10
    Authentication : mac-based
    Port State : Enabled
    Guest Vlan : Disabled
    Auth Failure Vlan : Disabled
    Auth Service-Unavailable Vlan : Disabled

    MAC IP address Authenticated Type ReAuth-Timer User
    88??1d:2a:8b:32 0.0.0.0 No MAC 0
    -----------------------------------------------
    (B) - Client entry Blackholed in FDB

    could you please guide me how users authenticated..where we put user name and password which was created in SWITCH... do i need to dial..

    (from keshab_maharjan)


  • 8.  RE: NETLOGIN MAC BASE

    Posted 01-07-2014 21:59
    Create Date: Mar 11 2013 5:13PM

    Try to open the netlogin configuration to all MACs by running the command:

    Configure netlogin add mac-list FF:FF:FF:FF:FF:FF 48 port X

    This will *NOT* allow all devices to be authenticated. Only devices created in the Local DB by running the command "create netlogin local-user ...."

    (from ethernet)


  • 9.  RE: NETLOGIN MAC BASE

    Posted 01-07-2014 21:59
    Create Date: Mar 14 2013 5:12AM

    hello,

    pls get my full config

    configure netlogin vlan vlan_101
    enable netlogin mac
    configure netlogin mac authentication database-order local
    enable netlogin ports 24 mac
    configure netlogin ports 24 mode port-based-vlans
    configure netlogin ports 24 no-restart
    configure netlogin add mac-list 88??1d:2a:8b:32 48 ports 24
    configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48 ports 24
    ##################################
    * X250e-24tdc.23 # sh netlogin local-users detail
    NetLogin Local User information:

    User Name : 88AE1D2A8B32
    Extended-VLAN VSA :