ExtremeSwitching (EXOS)

 View Only
  • 1.  how to configure dot1x on ExtremSwtich ?

    Posted 04-16-2022 21:18
    Hello, I am new on ExtremSwitch and am trying to build a port based authentication with Freeradius.
    • And i need your confirmation please about my steps for configuring the Extrem switch as authenticator

    This is my Lab Schematic:

    This is my switch config that i need your confirmation for it: (is it correct ?)
    create vlan purgatory
    configure netlogin vlan purgatory
    enable netlogin dot1x
    enable netlogin ports 1 dot1x
    configure netlogin ports 1 mode port-based-vlans
    configure netlogin ports 1 restart
    configure vlan A ipaddress 192.168.1.1/24
    configure radius netlogin primary server 192.168.1.2 1812 client-ip 192.168.1.1 vr "VR-Default"
    configure radius netlogin primary shared-secret ilovesecret
    enable radius netlogin

    on the radius side (MD5 authentication) i created a :
    client switch {
    ipv4add = 192.168.1.1
    secret = ilovesecret
    }

    on my kali side i just enable port based authentication from the network setting but am not sure is that enough ?



    when i send request with radclient, my kali not authenticated on the switch  ? do i miss something in my config ?



    I hope if i detailed my lab and config well , i will be waiting your answers please, thx


  • 2.  RE: how to configure dot1x on ExtremSwtich ?

    Posted 04-19-2022 12:03
    can we get some reply on my question or not ?


  • 3.  RE: how to configure dot1x on ExtremSwtich ?

    Posted 04-19-2022 16:23
    Hello,

    Could you check the 'show log' output for any 802.1x messages to see whether there are any failures or authentication attempts? The following article could be used as a guideline to compare the configuration for 802.1x: https://extremeportal.force.com/ExtrArticleDetail?an=000081809&q=802.1x%20nps

    Running a packet capture on the switch, client, and server may be ideal to see whether there any request and responses and help isolate if the EAPOL packets are being sent received.