How to configure guest vlan

Create Date: Jan 18 2013 10:56AM

Hello Ethernation,

I'm trying to configure netlogin mode 802.1x with the guest vlan feature enabled.
Configuration is working for an authenticated supplicant which is receiving his destination VLAN from an NPS Server.

Now I want to drop an unauthenticated supplicant on a guest vlan.
I tried this:
 # conf netlogin dot1x guest-vlan "invite" ports 3:20
WARNING: Ports on which 802.1X is not enabled or is not the only enabled Netlogin protocol were ignored.
 # ena netlogin dot1x guest-vlan port 3:20
WARNING: Ports on which 802.1X is not enabled or is not the only enabled Netlogin protocol were ignored.

So guest vlan remains not configured and disabled.

802.1X is the only enabled netlogin protocol on that port.
My netlogin configuration:
NetLogin Authentication Mode : web-based DISABLED;  802.1x ENABLED;  mac-based DISABLED
NetLogin VLAN                : "authlan"
NetLogin move-fail-action    : Deny
NetLogin Client Aging Time   : 5 minutes
Dynamic VLAN Creation        : Disabled
Dynamic VLAN Uplink Ports    : None

------------------------------------------------
        Web-based Mode Global Configuration
------------------------------------------------
Base-URL                 : network-access.com
Default-Redirect-Page    : ENABLED; http://www.extremenetworks.com
Logout-privilege         : YES
Netlogin Session-Refresh : ENABLED; 3 minute(s) 0 second(s)
Refresh failures allowed : 0
Reauthenticate on refresh: Disabled
Authentication Database  : Radius, Local-User database
Proxy Ports              : 80(http),443(https)
------------------------------------------------

------------------------------------------------
        802.1x Mode Global Configuration
------------------------------------------------
Quiet Period                    : 60
Supplicant Response Timeout     : 30
Re-authentication period        : 3600
Max Re-authentications          : 3
RADIUS server timeout           : 30
EAPOL MPDU version to transmit  : v1
Authentication Database         : Radius
------------------------------------------------

------------------------------------------------
          MAC Mode Global Configuration
------------------------------------------------
Re-authentication period        : 0 (Re-authentication disabled)
Authentication Database         : Radius, Local-User database
------------------------------------------------

Port: 3:20,  Vlan: userftp,  State: Enabled,  Authentication: 802.1x
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled

MAC                IP address       Authenticated     Type    ReAuth-Timer   User
00:17:08:46:39:24  0.0.0.0          No                802.1x  0
-----------------------------------------------
(B) - Client entry Blackholed in FDB

Port: 4:17,  Vlan: userftp,  State: Enabled,  Authentication: 802.1x
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled

MAC                IP address       Authenticated     Type    ReAuth-Timer   User
08:2e:5f:06:02:26  0.0.0.0          Yes, Radius       802.1x  155            FTV-PUBLICITE\fdu


Any idea please?

Regards,
Frédéric.

(from fredftp)

Create Date: Jan 18 2013 5:41PM

Solved

Unconfigured all related netlogin configuration.
Started a new netlogin dot1x mode from scratch.
Enabling guest vlan with no problems now on any netlogin port.

(from fredftp)
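
Added example, not part of the original thread: a small Python parser for the per-port netlogin status blocks pasted in the question, which lists ports where an unauthenticated 802.1x client is present but no guest VLAN is enabled. The function names are hypothetical, and it assumes a configured guest VLAN is printed in the same `Guest Vlan <name>: Enabled` shape as the unconfigured lines shown above.

```python
import re

# Sample input: the two port blocks copied from the question above.
SAMPLE = r"""Port: 3:20,  Vlan: userftp,  State: Enabled,  Authentication: 802.1x
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled

MAC                IP address       Authenticated     Type    ReAuth-Timer   User
00:17:08:46:39:24  0.0.0.0          No                802.1x  0

Port: 4:17,  Vlan: userftp,  State: Enabled,  Authentication: 802.1x
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled

MAC                IP address       Authenticated     Type    ReAuth-Timer   User
08:2e:5f:06:02:26  0.0.0.0          Yes, Radius       802.1x  155            FTV-PUBLICITE\fdu
"""

# Assumption: a configured VLAN appears as "<name>: Enabled" in the same position.
PORT_RE = re.compile(r"^Port:\s*(\S+),\s*Vlan:\s*(\S+),\s*State:\s*(\w+),\s*Authentication:\s*(.+)$")
FALLBACK_RE = re.compile(r"^(Guest|Authentication Failure|Authentication Service-Unavailable) Vlan <(.*)>:\s*(\w+)$")
CLIENT_RE = re.compile(r"^((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(\S+)\s+(No|Yes)", re.I)

def parse_ports(text):
    """Return one dict per 'Port:' block with its fallback VLANs and clients."""
    ports, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := PORT_RE.match(line):
            cur = {"port": m[1], "vlan": m[2], "auth": m[4].strip(), "fallback": {}, "clients": []}
            ports.append(cur)
        elif cur is None:
            continue  # global configuration lines before the first port block
        elif m := FALLBACK_RE.match(line):
            cur["fallback"][m[1]] = (m[2], m[3] == "Enabled")  # (vlan name, enabled?)
        elif m := CLIENT_RE.match(line):
            cur["clients"].append((m[1].lower(), m[3].lower() == "yes"))  # (mac, authenticated?)
    return ports

def ports_without_guest_vlan(ports):
    """Ports holding an unauthenticated client while the guest VLAN is not enabled."""
    return [p["port"] for p in ports
            if not p["fallback"].get("Guest", ("", False))[1]
            and any(not ok for _, ok in p["clients"])]

if __name__ == "__main__":
    print(ports_without_guest_vlan(parse_ports(SAMPLE)))
```

Run against the output in the question, it reports port 3:20, the port with the unauthenticated supplicant and no guest VLAN.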