NETLOGIN MAC BASE

Create Date: Mar 5 2013 9:02AM

HELLO,

Can someone help me with NETLOGIN MAC BASE authentication configuration and scenario? I want to authenticate my 10 host laptop MAC addresses
in local RADIUS as Extreme switch. Please share the configuration and how hosts are authenticated.

I have tried with the below config.

Here is my config:

configure netlogin vlan nlvlan
enable netlogin mac
enable netlogin ports 4 mac
configure netlogin ports 4 mode port-based-vlans
configure netlogin ports 4 no-restart
configure netlogin add mac-list 88:ae:1d:2a:8b:32 48 ports 4
(from keshab_maharjan)

EtherNation User, Employee

Create Date: Mar 5 2013 2:22PM

Have you created a MAC entry in the local database?

You can do it by running the command:

create netlogin local-user "88AE1D28B32" ## hit enter, it will prompt you for a password. Put the same MAC address again as a password.

Let us know how it goes from there.

(from ethernet)

Create Date: Mar 6 2013 6:12AM

Thanks for the reply.

I have configured the netlogin user like you said.
create netlogin local-user "88AE1D28B32"

But when I checked:

* X250e-24tdc.16 # sh netlogin port 4
Port                          : 4
Port Restart                  : Disabled
Allow Egress                  : None
Vlan                          : nlvlan
Authentication                : mac-based
Port State                    : Enabled
Guest Vlan                    : Disabled
Auth Failure Vlan             : Disabled
Auth Service-Unavailable Vlan : Disabled

MAC                IP address       Authenticated     Type    ReAuth-Timer   User          
88:ae:1d:2a:8b:32  0.0.0.0          No                MAC     0              
-----------------------------------------------
(B) - Client entry Blackholed in FDB

Could you please guide me regarding how MAC addresses are authenticated?

Thanks
(from keshab_maharjan)

Create Date: Mar 6 2013 5:56PM

Try to force the switch to take the local database for MAC addresses by running the command:

configure netlogin mac authentication database-order local

Let us know if this works.

(from ethernet)

Create Date: Mar 7 2013 5:48AM

Please get my full config.

configure netlogin vlan vlan_10
enable netlogin mac
configure netlogin mac authentication database-order local
enable netlogin ports 4 mac
configure netlogin ports 4 mode port-based-vlans
configure netlogin ports 4 no-restart
configure netlogin add mac-list 88:ae:1d:2a:8b:32 48 ports 4
##########################################
X250e-24tdc.19 # sh netlogin port 4
Port                          : 4
Port Restart                  : Disabled
Allow Egress                  : None
Vlan                          : vlan_10
Authentication                : mac-based
Port State                    : Enabled
Guest Vlan                    : Disabled
Auth Failure Vlan             : Disabled
Auth Service-Unavailable Vlan : Disabled

MAC                IP address       Authenticated     Type    ReAuth-Timer   User          
88:ae:1d:2a:8b:32  0.0.0.0          No                MAC     0              
-----------------------------------------------
(B) - Client entry Blackholed in FDB
########################################
------------------------------------------------
          MAC Mode Global Configuration
------------------------------------------------

MAC Address/Mask      Password (encrypted)            Port(s)
--------------------  ------------------------------  ------------------------
88:AE:1D:2A:8B:32/48  <not configured>                4                        

Re-authentication period    : 0 (Re-authentication disabled)
Authentication Database        : Local-User database
------------------------------------------------

Port: 4,  Vlan: vlan_10,  State: Enabled,  Authentication: mac-based
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled

MAC                IP address       Authenticated     Type    ReAuth-Timer   User          
88:ae:1d:2a:8b:32  0.0.0.0          No                MAC     0              
-----------------------------------------------
(B) - Client entry Blackholed in FDB

################################

Still no authentication. Please guide me on how I can verify.


(from keshab_maharjan)

Create Date: Mar 7 2013 2:52PM

I actually ran into an issue with case-sensitivity before. Remove the command:
configure netlogin add mac-list 88:ae:1d:2a:8b:32 48 ports 4

by running the command:
configure netlogin add mac-list 88:AE:1D:2A:8B:32 48 ports 4

Also, the username and password in the create netlogin local-user command, make sure those are uppercase too.

Hopefully, that is the last command that is missing from the switch.

(from ethernet)

Create Date: Mar 11 2013 5:06AM

Same thing after configuring with uppercase:

configure netlogin add mac-list 88:AE:1D:2A:8B:32 48 ports 4 and netlogin local-user..
* X250e-24tdc.40 # sh netlogin port 4
Port                          : 4
Port Restart                  : Disabled
Allow Egress                  : None
Vlan                          : vlan_10
Authentication                : mac-based
Port State                    : Enabled
Guest Vlan                    : Disabled
Auth Failure Vlan             : Disabled
Auth Service-Unavailable Vlan : Disabled

MAC                IP address       Authenticated     Type    ReAuth-Timer   User          
88:ae:1d:2a:8b:32  0.0.0.0          No                MAC     0              
-----------------------------------------------
(B) - Client entry Blackholed in FDB

Could you please guide me on how users are authenticated? Where do we put the user name and password which were created on the switch? Do I need to dial?



(from keshab_maharjan)

Create Date: Mar 11 2013 5:13PM

Try to open the netlogin configuration to all MACs by running the command:

Configure netlogin add mac-list FF:FF:FF:FF:FF:FF 48 port X

This will *NOT* allow all devices to be authenticated. Only devices created in the Local DB by running the command "create netlogin local-user ...."

(from ethernet)

Create Date: Mar 14 2013 5:12AM

Hello,

Please get my full config:

configure netlogin vlan vlan_101
enable netlogin mac
configure netlogin mac authentication database-order local
enable netlogin ports 24 mac
configure netlogin ports 24 mode port-based-vlans
configure netlogin ports 24 no-restart
configure netlogin add mac-list 88:ae:1d:2a:8b:32 48 ports 24
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48 ports 24
##################################
* X250e-24tdc.23 # sh netlogin local-users detail
NetLogin Local User information:

User Name         : 88AE1D2A8B32
Extended-VLAN VSA : <not configured>
Security Profile  : <not configured>
Encrypted Password: 5v8oYJ$0jqA68g/xERMtonL0Wgq6.
##################################
X250e-24tdc.25 # sh netlogin mac

NetLogin Authentication Mode : web-based DISABLED;  802.1x DISABLED;  mac-based ENABLED
NetLogin VLAN                : "vlan_101"
NetLogin move-fail-action    : Deny
NetLogin Client Aging Time   : 5 minutes
Dynamic VLAN Creation        : Disabled
Dynamic VLAN Uplink Ports    : None

------------------------------------------------
          MAC Mode Global Configuration
------------------------------------------------

MAC Address/Mask      Password (encrypted)            Port(s)
--------------------  ------------------------------  ------------------------
88:AE:1D:2A:8B:32/48  <not configured>                24                       
Default               <not configured>                24                       

Re-authentication period    : 0 (Re-authentication disabled)
Authentication Database        : Local-User database
------------------------------------------------

Port: 24,  Vlan: vlan_101,  State: Enabled,  Authentication: mac-based
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled

MAC                IP address       Authenticated     Type    ReAuth-Timer   User          
-----------------------------------------------
(B) - Client entry Blackholed in FDB
########################################
* X250e-24tdc.26 # sh fdb ports 24
Mac                     Vlan       Age  Flags         Port / Virtual Port List
------------------------------------------------------------------------------

Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,
        x - IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror, B - Egress Blackhole,
        b - Ingress Blackhole, v - MAC-Based VLAN, P - Private VLAN, T - VLAN translation,
        D - drop packet, h - Hardware Aging, o - IEEE 802.1ah Backbone MAC,
        S - Software Controlled Deletion

Total: 2 Static: 0  Perm: 0  Dyn: 2  Dropped: 0  Locked: 0  Locked with Timeout: 0
FDB Aging time: 300
########################################

* X250e-24tdc.30 # sh netlogin port 24
Port                          : 24
Port Restart                  : Disabled
Allow Egress                  : None
Vlan                          : vlan_101
Authentication                : mac-based
Port State                    : Enabled
Guest Vlan                    : Disabled
Auth Failure Vlan             : Disabled
Auth Service-Unavailable Vlan : Disabled

MAC                IP address       Authenticated     Type    ReAuth-Timer   User          
88:ae:1d:2a:8b:32  0.0.0.0          No                MAC     0              
-----------------------------------------------
(B) - Client entry Blackholed in FDB

############################################


Please help with how netlogin works with the local database and authenticates.



(from keshab_maharjan)
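
A check for the name mismatch this thread keeps returning to, added here as an example and not part of any post: it compares the client table from `sh netlogin port` with the names from `sh netlogin local-users detail`, assuming (per the replies above) that the local-user name is the client MAC in uppercase hex without separators. The sample outputs and the `audit` helper are constructed for illustration.

```python
import difflib
import re

# Constructed sample output, modelled on the tables quoted in this thread.
SHOW_NETLOGIN_PORT = """\
MAC                IP address       Authenticated     Type    ReAuth-Timer   User
88:ae:1d:2a:8b:32  0.0.0.0          No                MAC     0
aa:bb:cc:dd:ee:ff  0.0.0.0          No                MAC     0
00:11:22:33:44:55  0.0.0.0          No                MAC     0
-----------------------------------------------
"""
SHOW_LOCAL_USERS = """\
NetLogin Local User information:

User Name         : 88AE1D28B32
User Name         : aabbccddeeff
"""

# Client rows: MAC, IP address, then the Authenticated column.
CLIENT_RE = re.compile(
    r"^((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+\S+\s+(\S+)", re.M)
USER_RE = re.compile(r"^User Name\s*:\s*(\S+)", re.M)


def expected_username(mac):
    """Name format the replies describe: MAC in uppercase hex, no separators."""
    return mac.replace(":", "").upper()


def audit(port_output, users_output):
    """Map each client MAC to (status, detail) against the local-user list."""
    users = USER_RE.findall(users_output)
    by_upper = {u.upper(): u for u in users}
    report = {}
    for mac, authenticated in CLIENT_RE.findall(port_output):
        want = expected_username(mac)
        if authenticated != "No":  # assumption: any other value means authenticated
            report[mac] = ("authenticated", want)
        elif want in users:
            report[mac] = ("entry-present", want)  # name matches; look elsewhere
        else:
            close = difflib.get_close_matches(want, list(by_upper), n=1, cutoff=0.8)
            if close:  # wrong case, or a dropped or mistyped digit
                report[mac] = ("near-miss", by_upper[close[0]])
            else:
                report[mac] = ("no-entry", want)
    return report


if __name__ == "__main__":
    for mac, (status, detail) in audit(SHOW_NETLOGIN_PORT, SHOW_LOCAL_USERS).items():
        print(f"{mac}  {status:<14} {detail}")
```

A `near-miss` result points at a local-user name to recreate; `entry-present` means the name already matches the MAC and the cause lies elsewhere in the configuration.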
