This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

Slot-1: Authentication failed for Network Login MAC user

Slot-1: Authentication failed for Network Login MAC user

holden
New Contributor

ā€Ž04-03-2017 05:49 AM

Hi,

We have a strange issue on one of our Switches which are using mac-based netlogin with vendor tag for the VLAN and radius:

  • many Mac-Adresses can authenticate successfully to this Switch, some Mac-Adresses can not
  • The Mac-Adresses that can not authenticate, can authenticate on other Switches
  • The Mac-Adresses can not authenticate on any port, where other Mac-Adresses can authenticate.
  • The Configuration was not modified and had worked all the time properly
  • The Devices are connected on a ReachNxt through Fiber
  • I can see in the Radius logs that the authentication was State success
  • The Issue is VLAN independent
  • If the Netlogin assigns one VLAN to the Port, no other Mac-Adresses can authenticate
How can i debug this issue on EXOS Side?

Is there any debug command which Shows me all Information about the processing?

Thanks in Advance!

0 Kudos
3 REPLIES 3

holden
New Contributor

ā€Ž04-03-2017 06:42 AM

Thanks,

the logs also Shows Code 2 but afterwards athentication failed:

04/03/2017 10:32:27.47 Slot-1: Authentication failed for Network Login MAC user 000E8CEB8325 Mac 00:0E:8C:EB:83:25 port 1:23
04/03/2017 10:32:27.47 Slot-1: _aaaRespondToClient-: sent message to client:peer 13
04/03/2017 10:32:27.47 Slot-1: _aaaRespondToClient- :Peer 13
04/03/2017 10:32:27.47 Slot-1: _aaaRequestDequeue-: remove and dequeue peer request 13, count 0
04/03/2017 10:32:27.46 Slot-1: RADIUS:Got a reply, code 2, length 83
04/03/2017 10:32:27.46 Slot-1: Radius Packet ID 161 returned
04/03/2017 10:32:27.46 Slot-1: __aaaReqFindRadiusInQueue-:found by pktId 161 authMethod 2

What can be the issue?

Thanks in advance.
0 Kudos

Chacko
Contributor
In response to holden

ā€Ž04-03-2017 06:42 AM

Hi,

the switch received an acces-access packet (reply code 2).
Is there maybe a MAC-lock defined on the port? Or a restriction, that only one-mac is permitted?
Do you use the NAC-Appliances by ExtremeNetworks as a radius-server or another product?
Is every switch at your site configured to contact the same radius-server?

Best Regards
Chacko
0 Kudos

OscarK
Extreme Employee

ā€Ž04-03-2017 05:55 AM

Hello, you can enable extra logging for radius/netlogin, that will provide you with the reasons probably.
Below an article describing how to do this.
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-enable-additional-debug-logs-in-EXO...

0 Kudos
GTM-P2G8KFN