G3 Switch: If SACLs are configured it is not possible to log in to the switch with a RADIUS account

Rainer_Adam
New Contributor III

If SACLs are configured, it is not possible to log in to the switch with a RADIUS account.

If you configure a SACL that contains a service, it is NOT possible to log in to the switch with your RADIUS users anymore; only local users like "admin" are able to log in.

Firmware on this G3 is: 06.61.15.0003
Radius login credentials are on the NAC Gateways.


Ronald_Dvorak
Honored Contributor
You've only allowed "service snmp" and not all traffic from this source as per your config.

Oh my god, yes, that's it!

Rainer_Adam
New Contributor III
10.1.1.250 and 10.2.1.250 in this case are the IP addresses of the NAC gateways. If I understood it correctly, my config will allow all the traffic from 10.1.1.250 and 10.2.1.250, right?

Matthew_Hum1
Extreme Employee
Yes, you need to either allow everything from the NAC Gateway or also allow RADIUS (port 1812) from the NAC Gateways.
Try adding this:
set system service-acl sacl permit ip-source port 1812