ExtremeSwitching (EXOS)

  • 1.  Netlogin mac-based VLANs with Local Database and Wildcard?

    Posted 01-07-2014 21:53
    Create Date: Jun 11 2012 7:40AM

    Hi,

    I have a conferencing room with 8 ports there on a BlackDiamond 8806. I want to add netlogin mac-based VLAN only to these 8 ports, because my colleagues' MAC addresses (13 notebooks) should get the internal VLAN to access all servers and files. And all other MACs (guests) should get access to my Guest VLAN. So is there a wildcard for the local database to add all unknown MAC addresses to my configured Guest VLAN named "GaesteNetwork"?

    I've tried to use my GuestVLAN as Netlogin VLAN but this doesn't work, and I didn't find a wildcard for "all other MAC addresses".

    Greetz Chris and thanks for help.

    (from Chris_Huettner)


  • 2.  RE: Netlogin mac-based VLANs with Local Database and Wildcard?

    Posted 01-07-2014 21:53
    Create Date: Jun 11 2012 2:45PM

    Guest VLAN feature only works with 802.1X enabled ports. Without a RADIUS server, the only way this will work is with the service-unavailable feature. Here's my config:

    #
    # Module netLogin configuration.
    #
    configure netlogin vlan temp
    enable netlogin mac
    configure netlogin mac authentication database-order local radius
    enable netlogin ports 2 mac
    configure netlogin ports 2 mode port-based-vlans
    configure netlogin ports 2 no-restart
    configure netlogin ports 2 allow egress-traffic all_cast
    configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48
    enable netlogin authentication service-unavailable vlan ports 2
    configure netlogin authentication service-unavailable vlan GUEST ports 2

    (from john_padilla)


  • 3.  RE: Netlogin mac-based VLANs with Local Database and Wildcard?

    Posted 01-07-2014 21:53
    Create Date: Jun 11 2012 2:52PM

    Hi jp,

    thanks for your answer, I will give it a try ..



    edit:

    hi jp,

    Now all notebooks get the failover VLAN GästeNetwork. My 13 notebooks, which should get the internal VLAN, too?

    * Extreme Networks BlackDiamond.1 # sh netlogin local
    Netlogin Local User Name Extended-VLAN VSA             Security Profile
    ------------------------ ----------------------------- ----------------------
    001f29b763f4             U ClientData


  • 4.  RE: Netlogin mac-based VLANs with Local Database and Wildcard?

    Posted 01-07-2014 21:53
    Create Date: Jun 11 2012 3:20PM

    Yes, any device that should be moved to a different VLAN other than the GUEST will have a local database entry.

    (from john_padilla)


  • 5.  RE: Netlogin mac-based VLANs with Local Database and Wildcard?

    Posted 01-07-2014 21:53
    Create Date: Jun 12 2012 6:09AM

    Hi jp,

    I don't know why, but now my colleagues' notebooks get the failover VLAN "GästeNetwork" too. No switching to the internal VLAN. My local database seems to be good.

    I don't understand the command:

    conf netlogin add mac-list ff:ff:ff:ff:ff:ff 48

    * Extreme Networks BlackDiamond.1 # configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48
    WARNING: Existing entry in the table was replaced with the new password/port-list.

    What's now the password for my mac-list "default"? Or should I do an extra command for:

    configure add mac-list default mypassword?

    and then add my colleagues' MACs with

    create netlogin local-user 000000000000 vlan-vsa untagged ClientData ?



    EDIT:

    Thanks jp, I reconfigured the local database a third time and now it works. I don't know why ;-)

    (from Chris_Hüttner)


  • 6.  RE: Netlogin mac-based VLANs with Local Database and Wildcard?

    Posted 01-07-2014 21:53
    Create Date: Jun 12 2012 1:49PM

    The netlogin default mac-list (e.g. ff:ff:ff:ff:ff:ff 48) is used to send the MAC address found on the netlogin enabled port to the local and/or RADIUS database. This means all MAC addresses found on the interface must be sent to authentication.

    The default mac-list password is the MAC address in all caps.

    To move your local-user into the ClientData VLAN, create a new netlogin local-user entry with the MAC address and username and password.



    (from john_padilla)
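
The local-database entries described in post 6, generated for a list of notebook MACs; this is an added example, not part of the original thread. It assumes the user name is written the same way as the password (12 hex digits, upper case, no separators; post 6 states only the password casing) and that the password is supplied inline as the second argument of `create netlogin local-user`.

```python
import re

# Assumption (not from the thread): user name and password are both the MAC
# as 12 upper-case hex digits without separators.
HEX12 = re.compile(r"^[0-9A-F]{12}$")

def normalize_mac(raw: str) -> str:
    """Return the MAC as 12 upper-case hex digits, or raise ValueError."""
    digits = re.sub(r"[:\-.\s]", "", raw).upper()
    if not HEX12.match(digits):
        raise ValueError(f"not a 48-bit MAC address: {raw!r}")
    if int(digits[:2], 16) & 0x01:
        # Group (multicast/broadcast) bit set: never a station's source address.
        raise ValueError(f"group address cannot identify a client: {raw!r}")
    return digits

def local_user_commands(macs, vlan):
    """Build one 'create netlogin local-user' line per unique, valid MAC.

    Returns (commands, rejected) so bad inventory rows are reported, not dropped.
    """
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9_\-]*", vlan):
        raise ValueError(f"unexpected VLAN name: {vlan!r}")
    commands, rejected, seen = [], [], set()
    for raw in macs:
        try:
            mac = normalize_mac(raw)
        except ValueError as err:
            rejected.append(str(err))
            continue
        if mac in seen:  # same notebook listed twice in different notations
            continue
        seen.add(mac)
        commands.append(
            f"create netlogin local-user {mac} {mac} vlan-vsa untagged {vlan}")
    return commands, rejected

# Constructed inventory: the first MAC is the one shown in the thread's
# 'sh netlogin local' output; the remaining rows are made-up samples.
SAMPLE = ["00:1f:29:b7:63:f4", "001F.29B7.63F4", "00-1f-29-b7-63-f5",
          "ff:ff:ff:ff:ff:ff", "00:1f:29:b7:63"]

if __name__ == "__main__":
    cmds, bad = local_user_commands(SAMPLE, "ClientData")
    print("\n".join(cmds))
    for msg in bad:
        print("# skipped:", msg)
```

Any MAC without an entry from this list fails the local lookup and, with no RADIUS server reachable, ends up in the service-unavailable VLAN from post 2.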