Slot-1: Authentication failed for Network Login MAC user

  • 0
  • 1
  • Question
  • Updated 12 months ago
  • Answered


We have a strange issue on one of our Switches which are using mac-based netlogin with vendor tag for the VLAN and radius:

  • many Mac-Adresses can authenticate successfully to this Switch, some Mac-Adresses can not
  • The Mac-Adresses that can not authenticate, can authenticate on other Switches
  • The Mac-Adresses can not authenticate on any port, where other Mac-Adresses can authenticate.
  • The Configuration was not modified and had worked all the time properly
  • The Devices are connected on a ReachNxt through Fiber
  • I can see in the Radius logs that the authentication was State success
  • The Issue is VLAN independent
  • If the Netlogin assigns one VLAN to the Port, no other Mac-Adresses can authenticate

How can i debug this issue on EXOS Side?

Is there any debug command which Shows me all Information about the processing?

Thanks in Advance!

Photo of holden


  • 452 Points 250 badge 2x thumb

Posted 12 months ago

  • 0
  • 1
Photo of OscarK

OscarK, ESE

  • 7,482 Points 5k badge 2x thumb
Hello, you can enable extra logging for radius/netlogin, that will provide you with the reasons probably.
Below an article describing how to do this.
Photo of holden


  • 452 Points 250 badge 2x thumb


the logs also Shows Code 2 but afterwards athentication failed:

04/03/2017 10:32:27.47 <Info:nl.ClientAuthFailure> Slot-1: Authentication failed for Network Login MAC user 000E8CEB8325 Mac 00:0E:8C:EB:83:25 port 1:23
04/03/2017 10:32:27.47 <Summ:AAA.Trace> Slot-1: _aaaRespondToClient-: sent message to client:peer 13
04/03/2017 10:32:27.47 <Summ:AAA.Trace> Slot-1: _aaaRespondToClient- :Peer 13
04/03/2017 10:32:27.47 <Summ:AAA.Trace> Slot-1: _aaaRequestDequeue-: remove and dequeue peer request 13, count 0
04/03/2017 10:32:27.46 <Summ:AAA.RADIUS.Trace> Slot-1: RADIUS:Got a reply, code 2, length 83
04/03/2017 10:32:27.46 <Summ:AAA.RADIUS.Trace> Slot-1: Radius Packet ID 161 returned
04/03/2017 10:32:27.46 <Summ:AAA.Trace> Slot-1: __aaaReqFindRadiusInQueue-:found by pktId 161 authMethod 2

What can be the issue?

Thanks in advance.

Photo of Chacko


  • 1,206 Points 1k badge 2x thumb

the switch received an acces-access packet (reply code 2).
Is there maybe a MAC-lock defined on the port? Or a restriction, that only one-mac is permitted?
Do you use the NAC-Appliances by ExtremeNetworks as a radius-server or another product?
Is every switch at your site configured to contact the same radius-server?

Best Regards