Wireless (General)

  • 1.  netlogin 802.1X authentication question

    Posted 03-14-2016 15:07
    I have the netlogin 802.1X client authenticated with sucess, but why always I have immediately before a failed authentication mac address from the same client?

    03/11/2016 16:40:31.77 [i] Network Login 802.1x user host/TDT34349.corporativo.pt logged in MAC 74:46:A0:XX:XX:XX port 3 VLAN(s) "DADOS", authentication Radius
    03/11/2016 16:40:31.69 [i] Authentication failed for Network Login MAC user 7446A0XXXXXX Mac 74:46:A0:XX:XX:XX port 3
    03/11/2016 16:40:31.67 [i] Port 3 link UP at speed 1 Gbps and full-duplex

    Best Regards
    Vitor Barreiro


  • 2.  RE: netlogin 802.1X authentication question

    Posted 03-14-2016 15:12
    Do you have MAC and DOT1x configured. MAC authenticates first because it attempts to authenticate once the first frame is received. Are you currently using MAC based authentication? MAC authentication sends the MAC as the username and password in a radius request packet.


  • 3.  RE: netlogin 802.1X authentication question

    Posted 03-14-2016 15:12
    Yes, i have MAC and DOT1X configured, because in most of the ports i have IPphone and a PC behind the phone. MAC autentication for the Phones and DOT1x pfor the PC. Configuration bellow:

    configure netlogin vlan Authenable netlogin dot1x mac
    configure netlogin authentication protocol-order dot1x mac web-based
    configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48
    enable netlogin ports 3-5,7,9,11-19 dot1x
    enable netlogin ports 3-5,7,9,11-19 mac
    configure netlogin ports 3 mode mac-based-vlans
    configure netlogin ports 3 no-restart


  • 4.  RE: netlogin 802.1X authentication question

    Posted 03-14-2016 15:24
    MAC authentication is enabled, and the MAC is not in the "allow" list, hence the Auth failure. To prevent this, change the order of the authentication mechanism. Likely the order is currently set to MAC-802.1x-WebAuth. Change the order in NetSight to authenticate 802.1x first, and your problem should go away.


  • 5.  RE: netlogin 802.1X authentication question

    Posted 03-14-2016 15:24
    I have MAC and DOT1X configured, because in most of the ports i have IPphone and a PC behind the phone. MAC autentication for the Phones and DOT1x pfor the PC. NPS is the radius server and configuration is:

    configure netlogin vlan Authenable netlogin dot1x mac
    configure netlogin authentication protocol-order dot1x mac web-based
    configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48
    enable netlogin ports 3-5,7,9,11-19 dot1x
    enable netlogin ports 3-5,7,9,11-19 mac
    configure netlogin ports 3 mode mac-based-vlans
    configure netlogin ports 3 no-restart


  • 6.  RE: netlogin 802.1X authentication question

    Posted 03-14-2016 15:31
    Mac will still authenticate first, but the order will make sure it acts on what 802.1x tells it over MAC.