
MAC authentication error on X440-G2


Robert_Zdzieblo
Contributor II
Hello Guys! I was trying to set up passive NAC (pass-through) with X440-G2-48p-10G4 switch. I keep getting the following error in the log:

02/14/2017 14:28:40.49 Authentication failed for Network Login MAC user 001AE87F49D2 Mac 00:1A:E8:7F:49:D2 port 5

Here is my netlogin config:

* X440G2-48p-10G4.100 # sh configuration "netlogin"
#
# Module netLogin configuration.
#
enable netlogin mac
configure netlogin mac authentication database-order local
configure netlogin authentication protocol-order mac dot1x web-based
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48 encrypted "}eqrthug"
enable netlogin ports 1-44 mac

and aaa config (NAC is my radius):

# Module aaa configuration.
#
configure radius netlogin 1 server 192.168.36.80 1812 client-ip 192.168.36.231 vr VR-Default
configure radius 1 shared-secret encrypted "#$fPXY767cV5/sPn3skPxEgMScJGlMOi9B7tKPIpB7"
configure radius-accounting netlogin 1 server 192.168.36.80 1813 client-ip 192.168.36.231 vr VR-Default
configure radius-accounting 1 shared-secret encrypted "#$MHHPB8XKQVHhmbrvq4Og9d3stHCRr9PE29nNW5Ev"
configure radius-accounting 1 timeout 10
enable radius
disable radius mgmt-access
enable radius netlogin
configure radius timeout 15
enable radius-accounting
disable radius-accounting mgmt-access
enable radius-accounting netlogin
configure account admin encrypted "$5$DDz7LO$enRGUuZ8/kFW74TqsMOXX2WrJhPZD1B1rxPuzhI4ifC"

On each access port I have:

configure netlogin port authentication mode optional

What is wrong? Besides, I cannot enter the command: configure netlogin vlan - CLI doesn't allow me to put this command (?). EXOS version is 21.1.1.4
3 REPLIES

Robert_Zdzieblo
Contributor II
Nice try, Tyler and Ronald! You both were right - I changed "configure netlogin mac authentication database-order local" to "radius" and then I have in my log:

02/14/2017 15:39:01.51 Network Login MAC user 001AE87F49D2 logged in MAC 00:1A:E8:7F:49:D2 port 1 VLAN(s) "", authentication Radius.

I can also see the end-system in NAC database. Thank you!

Ronald_Dvorak
Honored Contributor
I'm not an XOS expert but as far as I understand...

"configure netlogin mac authentication database-order local" will use the local user database and doesn't use the RADIUS=NAC for authentication

"configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48 encrypted "}eqrthug"" the password will be used for all the MAC authentication clients - but I'd say they don't send one or the password is the MAC so I'd remove the "encrypted " option

Could you post a "show netlogin mac" from the switch,

I think you'd need to set the netlogin vlan before you enable netlogin.

TylerMarcotte
Extreme Employee
Hi Robert,

Have you tried configuring from NAC already? Also, the authentication configuration on the 440-G2 can be accomplished from enabling via Policy in Management Center as well.

The main item that I see that is problematic is: "configure netlogin mac authentication database-order local"

You want this to be sent to RADIUS (which is the NAC) so that it can authenticate it and pass back a response.

Hope that helps.

Thanks,

Tyler
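
Added example, not part of the thread and not Extreme's own tooling: a small Python check that reads "show configuration" text and flags the mismatch resolved above, where MAC netlogin has a RADIUS server defined but the database-order keeps authentication local. It only matches command lines quoted in this thread; the function name and finding codes are hypothetical.

```python
import re

# Constructed sample: a subset of the configuration lines quoted in the thread.
SAMPLE_CONFIG = """\
enable netlogin mac
configure netlogin mac authentication database-order local
configure netlogin authentication protocol-order mac dot1x web-based
enable netlogin ports 1-44 mac
configure radius netlogin 1 server 192.168.36.80 1812 client-ip 192.168.36.231 vr VR-Default
enable radius netlogin
"""

DB_ORDER = re.compile(r"configure netlogin mac authentication database-order\s+(.+)")
RADIUS_SERVER = re.compile(r"configure radius netlogin \d+ server\s+(\S+)")


def audit_mac_netlogin(config_text):
    """Return (code, message) findings about where MAC auth requests are sent."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    if "enable netlogin mac" not in lines:
        return []  # MAC netlogin is off, nothing to check
    servers = [m.group(1) for ln in lines if (m := RADIUS_SERVER.match(ln))]
    radius_on = "enable radius netlogin" in lines
    order = None  # stays None when the line is absent; no default is assumed
    for ln in lines:
        m = DB_ORDER.match(ln)
        if m:
            order = m.group(1).split()  # the last statement wins

    findings = []
    if order is not None and "radius" not in order and servers:
        findings.append(("LOCAL_ONLY",
                         f"database-order is '{' '.join(order)}', so MAC requests "
                         f"never reach RADIUS server {', '.join(servers)}"))
    if order is not None and "radius" in order and not (servers and radius_on):
        findings.append(("RADIUS_UNUSABLE",
                         "database-order names radius, but no netlogin RADIUS "
                         "server is configured and enabled"))
    return findings


if __name__ == "__main__":
    for code, message in audit_mac_netlogin(SAMPLE_CONFIG):
        print(code, "-", message)
    fixed = SAMPLE_CONFIG.replace("database-order local", "database-order radius")
    print("after fix:", audit_mac_netlogin(fixed))
```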