Netlogin mac on local switch

Create Date: Apr 12 2013 5:42PM

I'm doing some testing on getting netlogin to work.

I'm first just trying to get the basic mac authentication to work then I want it to work with just the MAC OUI, but as I said I just want to try and get this to work with a straight up mac address.

create vlan nlvlan
create vlan Phone
configure vlan Phone tag 61
configure netlogin vlan nlvlan
enable netlogin mac
enable netlogin ports 11-20 mac
configure netlogin ports 11-20 mode mac-based-vlans

configure netlogin add mac-list 70:81:05:85:B8:A6 48



I'm getting this in the log showing that's not working.

<Info:nl.ClientAuthFailure> Authentication failed for Network Login MAC user 70810585B8A6 Mac 70:81:05:85:B8:A6 port 11

* X440-48p.17 # show netlogin mac-list
MAC Address/Mask      Password (encrypted)            Port(s)
--------------------  ------------------------------  ------------------------
70:81:05:85:B8:A6/48  <not configured>                any
70:81:00:00:00:00/16  <not configured>                any



Second quick question.  What is the difference between netlogin local-users and netlogin mac-list?


Thanks in advance!

(from bw447)

Create Date: Apr 14 2013 9:32PM

hey bw447

I have this set up in a script so that I can load it on a switch as I do demos.  So these commands have variables in them, but I also show the variables.  All you have to do is remove the variables and put in the true values.  I hope this makes sense; if not, let me know and I will redo it.  I am just copying and pasting to save time. :)

configure netlogin vlan temp
enable netlogin mac
enable netlogin ports 11-20 mac

These are the variables that would be entered into the command.

# @VariableFieldLabel "Enter First Authorized MAC w/ octets separated by colons"
set var MAC1 00:04:0D:00:00:00
# @VariableFieldLabel "Enter First Authorized MAC password"
set var MAC1_Password 00040d000000

These are the commands

configure netlogin add mac-list $MAC1 $MAC1_Mask $MAC1_Password
create netlogin local-user $MAC1 $MAC1_Password vlan-vsa $MAC1_VLAN security-profile $MAC1_Profile

Hope this helps. Let me know if they don't.

P

(from Paul_Russo)

Create Date: Apr 15 2013 6:18PM

Hi prusso.

I tried the commands that you gave me, changing out the MAC address for the one on my phone.  I'm still getting the error.

04/15/2013 13:10:02.58 <Info:nl.ClientAuthFailure> Authentication failed for Network Login MAC user 70810585B8A6 Mac 70:81:05:85:B8:A6 port 12

I think that it has to be something that I'm doing wrong.  I rebooted the switch without making any changes before I typed in your commands.  I verified that netlogin wasn't running and that I didn't have any macs in the local-user or mac-list.  Then I typed in the commands.

Thanks for your help!

* X440-48p.4 # show netlogin mac

NetLogin Authentication Mode : web-based DISABLED;  802.1x DISABLED;  mac-based ENABLED
NetLogin VLAN                : "nlvlan"
NetLogin move-fail-action    : Deny
NetLogin Client Aging Time   : 5 minutes
Dynamic VLAN Creation        : Disabled
Dynamic VLAN Uplink Ports    : None

------------------------------------------------
          MAC Mode Global Configuration
------------------------------------------------

MAC Address/Mask      Password (encrypted)            Port(s)
--------------------  ------------------------------  ------------------------
70:81:05:85:B8:A6/48  :4:032?6C=M7                    any

Re-authentication period        : 0 (Re-authentication disabled)
Authentication Database         : Local-User database
------------------------------------------------

Port: 11,  Vlan: nlvlan,  State: Enabled,  Authentication: mac-based
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled

MAC                IP address       Authenticated     Type    ReAuth-Timer   User          
-----------------------------------------------
(B) - Client entry Blackholed in FDB

Port: 12,  Vlan: nlvlan,  State: Enabled,  Authentication: mac-based
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled

MAC                IP address       Authenticated     Type    ReAuth-Timer   User          
70:81:05:85:b8:a6  0.0.0.0          No                MAC     0              
-----------------------------------------------
(B) - Client entry Blackholed in FDB

Port: 13,  Vlan: nlvlan,  State: Enabled,  Authentication: mac-based
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled

MAC                IP address       Authenticated     Type    ReAuth-Timer   User          
-----------------------------------------------
(B) - Client entry Blackholed in FDB

Port: 14,  Vlan: nlvlan,  State: Enabled,  Authentication: mac-based
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled

MAC                IP address       Authenticated     Type    ReAuth-Timer   User          
-----------------------------------------------
(B) - Client entry Blackholed in FDB

Port: 15,  Vlan: nlvlan,  State: Enabled,  Authentication: mac-based
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled

MAC                IP address       Authenticated     Type    ReAuth-Timer   User          
-----------------------------------------------
(B) - Client entry Blackholed in FDB

Port: 16,  Vlan: nlvlan,  State: Enabled,  Authentication: mac-based
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled

MAC                IP address       Authenticated     Type    ReAuth-Timer   User          
-----------------------------------------------
(B) - Client entry Blackholed in FDB

Port: 17,  Vlan: nlvlan,  State: Enabled,  Authentication: mac-based
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled

MAC                IP address       Authenticated     Type    ReAuth-Timer   User          
-----------------------------------------------
(B) - Client entry Blackholed in FDB

Port: 18,  Vlan: nlvlan,  State: Enabled,  Authentication: mac-based
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled

MAC                IP address       Authenticated     Type    ReAuth-Timer   User          
-----------------------------------------------
(B) - Client entry Blackholed in FDB

Port: 19,  Vlan: nlvlan,  State: Enabled,  Authentication: mac-based
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled

MAC                IP address       Authenticated     Type    ReAuth-Timer   User          
-----------------------------------------------
(B) - Client entry Blackholed in FDB

Port: 20,  Vlan: nlvlan,  State: Enabled,  Authentication: mac-based
Guest Vlan <Not Configured>: Disabled
Authentication Failure Vlan <Not Configured>: Disabled
Authentication Service-Unavailable Vlan <Not Configured>: Disabled

MAC                IP address       Authenticated     Type    ReAuth-Timer   User          
-----------------------------------------------
(B) - Client entry Blackholed in FDB


Number of Clients Authenticated  : 0

(from bw447)
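
An added example, not part of any post in this thread: it parses the `show netlogin mac-list` rows and the `nl.ClientAuthFailure` lines quoted above and reports which MAC/mask entry covers each failing client, so "the MAC is not in the list" can be told apart from a failure that happens after the list lookup. The longest-mask-wins rule and the third log line (client 00:11:22:33:44:55) are assumptions made for the example.

```python
import re

# Constructed input: the mac-list rows and failure lines quoted in the thread,
# plus one made-up client (00:11:22:33:44:55) that no entry covers.
MAC_LIST = """\
MAC Address/Mask      Password (encrypted)            Port(s)
--------------------  ------------------------------  ------------------------
70:81:05:85:B8:A6/48  <not configured>                any
70:81:00:00:00:00/16  <not configured>                any
"""
LOG = """\
<Info:nl.ClientAuthFailure> Authentication failed for Network Login MAC user 70810585B8A6 Mac 70:81:05:85:B8:A6 port 11
04/15/2013 13:10:02.58 <Info:nl.ClientAuthFailure> Authentication failed for Network Login MAC user 70810585B8A6 Mac 70:81:05:85:B8:A6 port 12
<Info:nl.ClientAuthFailure> Authentication failed for Network Login MAC user 001122334455 Mac 00:11:22:33:44:55 port 13
"""

MAC = r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}"
ENTRY_RE = re.compile(rf"({MAC})/(\d+)")
FAIL_RE = re.compile(rf"<Info:nl\.ClientAuthFailure>.*?\bMac ({MAC}) port (\d+)")

def mac_to_int(mac):
    return int(mac.replace(":", ""), 16)

def parse_mac_list(text):
    """Return (label, prefix, mask, bits) for each MAC/mask row; skip headers."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or not 0 <= int(m.group(2)) <= 48:
            continue
        bits = int(m.group(2))
        mask = ((1 << bits) - 1) << (48 - bits)   # top `bits` bits set
        entries.append((m.group(0), mac_to_int(m.group(1)) & mask, mask, bits))
    return entries

def best_match(mac, entries):
    """Assumption: the entry with the longest mask that covers the MAC wins."""
    value = mac_to_int(mac)
    hits = [e for e in entries if (value & e[2]) == e[1]]
    return max(hits, key=lambda e: e[3], default=None)

def triage(log, entries):
    """For each auth-failure line: (port, client MAC, covering entry or None)."""
    rows = []
    for m in FAIL_RE.finditer(log):
        hit = best_match(m.group(1), entries)
        rows.append((int(m.group(2)), m.group(1), hit[0] if hit else None))
    return rows

if __name__ == "__main__":
    for port, mac, entry in triage(LOG, parse_mac_list(MAC_LIST)):
        print(f"port {port:>2}  {mac}  ->  {entry or 'no mac-list entry covers this MAC'}")
```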
