NAC doesn't accept RADIUS requests from Summits

Hello, everybody,

I want to set up MAC-based auth on Summits using NAC as RADIUS for Identity-Management purposes.

Summit sends requests to NAC, NAC receives them, but denies them. I suppose that the Summit is not set as a RADIUS client in NAC.

What I have on the Summit:

# Module netLogin configuration.
#
configure netlogin vlan NTLG
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48
enable netlogin ports 1-44 dot1x
enable netlogin ports 1-44 mac
configure netlogin ports 1 mode mac-based-vlans
configure netlogin ports 1 no-restart

configure radius netlogin primary server 192.168.13.251 1812 client-ip 192.168.13.5 vr VR-Default
configure radius netlogin primary shared-secret encrypted "#$OQazk8Nl5IHctghlB3infcpFFq9JBiFSRoujfikB"
enable radius netlogin


What I get on Summit after "enable netlogin dot1x mac" command:

05/30/2017 15:24:57.11 <Warn:AAA.RADIUS.noServerResp> Attempted the configured number of retries (3) to each of the 1 authentication servers without a server response for F4-6D-04-1B-D0-9B(username 'F46D041BD09B') on port 19.
05/30/2017 15:24:55.10 <Warn:AAA.RADIUS.noServerResp> Attempted the configured number of retries (3) to each of the 1 authentication servers without a server response for F0-BF-97-DC-23-E7(username 'F0BF97DC23E7') on port 15.
05/30/2017 15:24:52.11 <Warn:AAA.RADIUS.noServerResp> Attempted the configured number of retries (3) to each of the 1 authentication servers without a server response for 14-DA-E9-F7-BC-59(username '14DAE9F7BC59') on port 9.
05/30/2017 15:24:52.11 <Warn:AAA.RADIUS.noServerResp> Attempted the configured number of retries (3) to each of the 1 authentication servers without a server response for 3C-07-54-46-66-8D(username '3C075446668D') on port 6.
05/30/2017 15:24:52.11 <Warn:AAA.RADIUS.noServerResp> Attempted the configured number of retries (3) to each of the 1 authentication servers without a server response for 50-46-5D-73-81-0A(username '50465D73810A') on port 5.

In this condition all the ports configured are blocked.

At that time, on NAC I have the following:



How can I make NAC accept these requests?

Many thanks in advance,

Ilya
Ilya Semenov

Posted 1 year ago

Yacobucci, Ryan, Multi-Tier Technical Support Engineer

Hello,

You have to add the switch into the NAC switches tab and enforce in order for NAC to see the switch as an authorized source.
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-Add-Switches-to-NAC-Appliance-Group

Thanks
-Ryan
Ilya Semenov

Thanks, Ryan!

This did solve the issue. At last, I got Device Type and OS data into the Netsight.