802.1x authentication

  • Question
  • Updated 4 months ago
  • Answered

Hi Team,

I need to configure 802.1X authentication on a Summit X440-24p-10G switch.

I have an NPS server in our environment.

Server details :- IP address 192.168.1.74

Subnet  :- 255.255.255.0

Gateway :- 192.168.1.1

Switch details :- VLAN 1 IP address :- 192.168.1.4

Kindly provide step-by-step commands based on these IP details.

NPS is already configured and working, so I do not need the NPS documentation; I only need what has to be configured at the switch level, with the proper commands.

muthu naganathan


Posted 10 months ago


Ariyakudi Srinivas, Muthuraman, Employee


muthu naganathan

Hi,

While executing the command, I am getting an error message.
X440-24p-10G.12 # configure radius netlogin primary server 1812 client-ip 192.168.1.4 vr "VR-Mgmt"
Error:  IP address 192.168.1.4 is not configured in virtual router "VR-Mgmt".


Regards.
Muthu

David Choi, Employee

Hi Muthu,

As you configured the IP address 192.168.1.4 in VLAN 1, you need to change the "vr-Mgmt" to "vr-Default".

BR

muthu naganathan

Hi,

I do not understand what the client-ip is.
  • configure radius netlogin primary server <radius server IP> client-ip <source IP for radius request from switch>
Regards
N.Muthu

Daniel Flouret, Employee

Naganathan, any station that wants to communicate with a Radius server must be registered as a client in the Radius server. And for every client, the Radius server will have a shared secret (think of it as a password) to validate that the client is the correct one.

So, you will need to enter two commands in the switch:
configure radius netlogin primary server 192.168.1.74 client-ip 192.168.1.4 vr "VR-Default"
configure radius netlogin primary shared-secret "mysecret" (you can select a different one...)

And then you will need to add the switch as a client in NPS.

In the Windows server, open NPS, open Radius Clients and Servers, select RADIUS Clients, right-click and select New:

In the New RADIUS Client form input the switch address (192.168.1.4) in the Address field. Then enter the shared secret (mysecret, or whatever you chose in the previous command) in the Shared Secret and Confirm Shared Secret fields. Press OK to save. The new client should appear in the clients list.

 

Now the switch and the Radius server are ready to talk to each other.
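
How a server uses the client address and shared secret described above, as an added example that is not part of the original thread: it selects the secret by the request's source IP (the switch's client-ip) and checks the RFC 3579 Message-Authenticator HMAC that 802.1X/EAP requests carry. The function names, result labels, user name and the second source address are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import struct

MESSAGE_AUTHENTICATOR = 80  # attribute type, RFC 3579

# Constructed client table: source IP -> shared secret (values from the thread).
CLIENTS = {"192.168.1.4": b"mysecret"}

def build_access_request(secret: bytes, user: bytes, ident: int = 1) -> bytes:
    """Switch side: Access-Request with User-Name and Message-Authenticator."""
    attrs = bytes([1, 2 + len(user)]) + user                  # User-Name
    attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)   # zeroed for now
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs))   # code 1 = Access-Request
    packet = header + os.urandom(16) + attrs                  # 16-byte Request Authenticator
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac                                 # fill in the last attribute

def check_request(clients: dict, source_ip: str, packet: bytes) -> str:
    """Server side: pick the secret by source IP, then verify the HMAC."""
    secret = clients.get(source_ip)
    if secret is None:
        return "unknown-client"            # source IP not registered as a client
    if len(packet) < 20:
        return "malformed"
    end = struct.unpack("!H", packet[2:4])[0]
    if end < 20 or end > len(packet):
        return "malformed"
    pos = 20
    while pos + 2 <= end:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > end:
            return "malformed"
        if atype == MESSAGE_AUTHENTICATOR and alen == 18:
            received = packet[pos + 2:pos + 18]
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:end]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            ok = hmac.compare_digest(received, expected)
            return "accepted" if ok else "bad-secret"
        pos += alen
    return "no-message-authenticator"

if __name__ == "__main__":
    good = build_access_request(b"mysecret", b"alice")
    print(check_request(CLIENTS, "192.168.1.4", good))    # registered IP, same secret
    print(check_request(CLIENTS, "192.168.1.10", good))   # IP not registered
```

Here "accepted" only means the packet passed the client lookup and integrity check. A RADIUS server silently discards requests that fail either one, so a wrong client-ip or shared secret shows up on the switch as a timeout rather than a reject.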

Andrew Imam, Alum

Hi Muthu,

If you are not using the MGMT VLAN to connect to your RADIUS Server, please replace the vr VR-MGMT with vr VR-Default in the command you listed. Please let us know if you have any other questions.
Thank you.

Best regards,
Andrew

Ariyakudi Srinivas, Muthuraman, Employee

Hi Muthu,

And the client-ip is the IP of the switch.

Below is a sample configuration for your reference,
The following example configures the primary RADIUS server on host radius1 using the default UDP port (1812) for use by the RADIUS client on switch 10.10.20.30 using a virtual router interface of VRDefault:

#configure radius primary server radius1 client-ip 10.10.20.30 vr vr-Default

muthu naganathan

Hi Andrew,

Please find the error message.
X440-24p-10G.13 # configure radius netlogin primary server 1812 client-ip 192.168.1.4 vr "VR-Default"
Error:  Name lookup for host failed

Regards
N.Muthus

Andrew Imam, Alum

Muthu,

The "client-ip" refers to the local VLAN IP address (the source IP address for radius request from the switch)
Thanks.

Best regards,
Andrew

Andrew Imam, Alum

Muthu,

Regarding the "Error:  Name lookup for host failed",  you need to include the IP address of the RADIUS Server in the command line e.g. "primary server <radius server IP>". Also, if you are using the default ports for RADIUS you do not need to include a port # (e.g. port 1812) in the command line.
Thanks.

Best regards,
Andrew

hassephil

Is there any tutorial movie on this? Step by step, for dummies?
How to configure 802.1x based Netlogin with Radius on EXOS