No Netlogin VLAN option

  • 0
  • 1
  • Question
  • Updated 2 weeks ago
I'm trying to configure netlogin and I don't seem to have the option to set a netlogin vlan.  Is this a licensing issue or something else I'm missing?

Photo of Terren Crider

Terren Crider

  • 1,364 Points 1k badge 2x thumb

Posted 2 weeks ago

  • 0
  • 1
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 44,170 Points 20k badge 2x thumb
model and software version of the switch ?
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 44,170 Points 20k badge 2x thumb
could you post a "show netlogin"
Photo of Terren Crider

Terren Crider

  • 1,364 Points 1k badge 2x thumb
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 44,170 Points 20k badge 2x thumb
Is that a special version as I can't find that one on the download server - could you try to upgrade to a newer version ?
Photo of Terren Crider

Terren Crider

  • 1,364 Points 1k badge 2x thumb
I can upgrade to 21.1.4.4 patch 1-6.  There are software bugs in later releases that prevent me from upgrading beyond that.

https://www.extremenetworks.com/extreme-hardwaresoftware-compatibility-recommendation-matrices/softw...
Photo of Terren Crider

Terren Crider

  • 1,364 Points 1k badge 2x thumb
I upgraded to 21.1.4.4 patch 1-6.  I still don't have the command "configure netlogin vlan".
Photo of Ahmed Haroun

Ahmed Haroun

  • 888 Points 500 badge 2x thumb
may be because you have enabled policy? 
Photo of OscarK

OscarK, ESE

  • 7,692 Points 5k badge 2x thumb
Probably because you have enabled policy, then you cannot configure a netlogin vlan as netlogin works different with policy enabled.
Photo of Ahmed Haroun

Ahmed Haroun

  • 888 Points 500 badge 2x thumb
Same request for me, it is really not clear how both works together.
Photo of Kawawa

Kawawa, GTAC

  • 3,150 Points 3k badge 2x thumb
Hi Terrence, please run the show policy state command to verify the status of policy.  The NetLogin VLAN will only be removed from the configuration list IF policy is enabled
# enable policy
Warning: Enabling Policy will cause some Netlogin settings (such as VLANs and dynamically created VLANs) to be cleared.
# show policy state
Policy is currently: ENABLED
# configure netlogin vlan
                     ^
%% Invalid input detected at '^' marker.
Once policy is disabled, the netlogin VLAN can be configured:
# disable policy
# configure netlogin vlan
  <vlan_name>     NetLogin VLAN for the current Virtual Router
Kind regards
Photo of Terren Crider

Terren Crider

  • 1,362 Points 1k badge 2x thumb
show policy state shows that policy is enabled.

Are policy and Netlogin mutually exclusive?  How would I do both?  And is the policy in question here the ACL/local policy, or the EMC managed policy, or both?
Photo of Kawawa

Kawawa, GTAC

  • 3,150 Points 3k badge 2x thumb
Hi Terren, I apologize for my earlier response, I read your response as "I do not have policy enabled".

Anyhow, the old Netlogin was VLAN dependent.  An unauthenticated port had to be put somewhere while it is not authenticated, thus the need for the Netlogin VLAN.  With Policy (not the ACL policy, but  the XMC type of policy), the unauthenticated port can belong no where, and will be moved to its respective VLAN when tunnel attributes or the Filter-ID are passed down from RADIUS, or it can directly belong to the VLAN it will belong post authentication.  It is this difference in architecture, that makes this specific configuration aspect mutually exclusive.  The following outlines what changes when policy is enabled:

https://documentation.extremenetworks.com/exos_22.2/exos_21_1/onepolicy/c_netlogin-authentication.sh...
 
Photo of Terren Crider

Terren Crider

  • 1,362 Points 1k badge 2x thumb
Thanks.  I'll give this a review and try it out.
Photo of Terren Crider

Terren Crider

  • 1,364 Points 1k badge 2x thumb
So, given everything I've learned in this thread I have a couple of questions.

Can I use netlogin and policy at the same time?

How do I configure netlogin when using policy (switch firmware 2x.x and EMC 8.x)?
Photo of Kawawa

Kawawa, GTAC

  • 3,150 Points 3k badge 2x thumb
Q. Can I use netlogin and policy at the same time?
A. Yes, you can.  Once policy is enabled you cannot configure your netlogin VLAN, plus the other commands outlined in the previous link I shared.

Here's an examples on how to configure Netlogin with XMC:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-netlogin-dot1x-via-policy...

And here's another one if you wanted to use a third party RADIUS Server:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-802-1x-based-Netlogin-wit...
Photo of Terren Crider

Terren Crider

  • 1,364 Points 1k badge 2x thumb
Thanks.  I'll give these a shot.
Photo of Terren Crider

Terren Crider

  • 1,364 Points 1k badge 2x thumb
I hate to prod and criticize, but do you have more up to date documentation regarding policy and netlogin?  Like I said, I'm on switch firmware 21.x and EMC 8.x.