ExtremeSwitching (EXOS)

Expand all | Collapse all

No Netlogin VLAN option

Ronald Dvorak

Ronald Dvorak05-08-2018 18:28

Ronald Dvorak

Ronald Dvorak05-08-2018 18:30

Terren Crider

Terren Crider05-08-2018 18:43

Ahmed Haroun

Ahmed Haroun05-09-2018 02:24

  • 1.  No Netlogin VLAN option

    Posted 05-08-2018 18:14
    I'm trying to configure netlogin and I don't seem to have the option to set a netlogin vlan. Is this a licensing issue or something else I'm missing?




  • 2.  RE: No Netlogin VLAN option

    Posted 05-08-2018 18:28
    model and software version of the switch ?


  • 3.  RE: No Netlogin VLAN option

    Posted 05-08-2018 18:30
    could you post a "show netlogin"


  • 4.  RE: No Netlogin VLAN option

    Posted 05-08-2018 18:43




  • 5.  RE: No Netlogin VLAN option

    Posted 05-08-2018 19:12
    Is that a special version as I can't find that one on the download server - could you try to upgrade to a newer version ?


  • 6.  RE: No Netlogin VLAN option

    Posted 05-08-2018 19:12
    I can upgrade to 21.1.4.4 patch 1-6. There are software bugs in later releases that prevent me from upgrading beyond that.

    https://www.extremenetworks.com/extreme-hardwaresoftware-compatibility-recommendation-matrices/softw...


  • 7.  RE: No Netlogin VLAN option

    Posted 05-08-2018 19:12
    I upgraded to 21.1.4.4 patch 1-6. I still don't have the command "configure netlogin vlan".


  • 8.  RE: No Netlogin VLAN option

    Posted 05-09-2018 02:24
    may be because you have enabled policy?


  • 9.  RE: No Netlogin VLAN option

    Posted 05-09-2018 05:22
    Probably because you have enabled policy, then you cannot configure a netlogin vlan as netlogin works different with policy enabled.



  • 10.  RE: No Netlogin VLAN option

    Posted 05-09-2018 05:22
    I do have policy enabled. Is there a good KB regarding configuring netlogin with policy enabled on switch firmware 2x.x and EMC version 8.x?

    My searching isn't turning up much.


  • 11.  RE: No Netlogin VLAN option

    Posted 05-09-2018 05:22
    Same request for me, it is really not clear how both works together.


  • 12.  RE: No Netlogin VLAN option

    Posted 05-09-2018 05:22
    Hi Terrence, please run the show policy state command to verify the status of policy. The NetLogin VLAN will only be removed from the configuration list IF policy is enabled
    # enable policy
    Warning: Enabling Policy will cause some Netlogin settings (such as VLANs and dynamically created VLANs) to be cleared.[/code]# show policy state
    Policy is currently: ENABLED
    # configure netlogin vlan
    ^
    %% Invalid input detected at '^' marker.[/code]Once policy is disabled, the netlogin VLAN can be configured:
    # disable policy
    # configure netlogin vlan


  • 13.  RE: No Netlogin VLAN option

    Posted 05-09-2018 05:22
    show policy state shows that policy is enabled.

    Are policy and Netlogin mutually exclusive? How would I do both? And is the policy in question here the ACL/local policy, or the EMC managed policy, or both?


  • 14.  RE: No Netlogin VLAN option

    Posted 05-09-2018 05:22
    Hi Terren, I apologize for my earlier response, I read your response as "I do not have policy enabled".

    Anyhow, the old Netlogin was VLAN dependent. An unauthenticated port had to be put somewhere while it is not authenticated, thus the need for the Netlogin VLAN. With Policy (not the ACL policy, but the XMC type of policy), the unauthenticated port can belong no where, and will be moved to its respective VLAN when tunnel attributes or the Filter-ID are passed down from RADIUS, or it can directly belong to the VLAN it will belong post authentication. It is this difference in architecture, that makes this specific configuration aspect mutually exclusive. The following outlines what changes when policy is enabled:

    https://documentation.extremenetworks.com/exos_22.2/exos_21_1/onepolicy/c_netlogin-authentication.sh...




  • 15.  RE: No Netlogin VLAN option

    Posted 05-09-2018 05:22
    Thanks. I'll give this a review and try it out.


  • 16.  RE: No Netlogin VLAN option

    Posted 05-10-2018 19:21
    So, given everything I've learned in this thread I have a couple of questions.

    Can I use netlogin and policy at the same time?

    How do I configure netlogin when using policy (switch firmware 2x.x and EMC 8.x)?


  • 17.  RE: No Netlogin VLAN option

    Posted 05-10-2018 19:21
    Q. Can I use netlogin and policy at the same time?
    A. Yes, you can. Once policy is enabled you cannot configure your netlogin VLAN, plus the other commands outlined in the previous link I shared.

    Here's an examples on how to configure Netlogin with XMC:

    https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-netlogin-dot1x-via-policy...

    And here's another one if you wanted to use a third party RADIUS Server:

    https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-802-1x-based-Netlogin-wit...



  • 18.  RE: No Netlogin VLAN option

    Posted 05-10-2018 19:21
    Thanks. I'll give these a shot.


  • 19.  RE: No Netlogin VLAN option

    Posted 05-10-2018 19:21
    I hate to prod and criticize, but do you have more up to date documentation regarding policy and netlogin? Like I said, I'm on switch firmware 21.x and EMC 8.x.