Have any of you played with the latest DemoKit version and the policy assigned to an ExtremeXOS switch?

  • Problem
  • Updated 2 years ago
  • Solved
Hi all,

I’ve downloaded the latest version of the DemoKit and I was very happy about the ability to now use an ExtremeXOS G2 switch.
I’ve got an x450-G2 switch upgraded to the latest image, summitX-21.1.2.14.
Then I’ve configured the DemoKit following the instructions made for the x440-G2 switch (I’ve got an x450-G2, but I think this is not a problem).

My final switch configuration, after the policy install from the OneView page as described in the instructions PDF, is:
X450-G2-24p-GE4.3 # show configuration
#
# Module devmgr configuration.
#
configure snmp sysName "X450-G2-24p-GE4"
configure snmp sysLocation "Ravenna CED Demo Extreme DCM"
configure snmp sysContact "DemoExtreme"
configure sys-recovery-level switch reset

#
# Module vlan configuration.
#
configure vlan default delete ports all
configure vr VR-Default delete ports 1-28
configure vr VR-Default add ports 1-28
configure vlan default delete ports 1-28
create qosprofile "QP2"
create qosprofile "QP3"
create qosprofile "QP4"
create qosprofile "QP5"
create qosprofile "QP6"
create qosprofile "QP7"
configure ports group "Default (TXQ.0)" add 1-16
create vlan "VLAN10"
configure vlan VLAN10 description "VLAN 10"
configure vlan VLAN10 tag 10
configure vlan VLAN10 add ports 1-16 untagged
configure vlan VLAN10 ipaddress 192.168.10.11 255.255.255.0
configure qosscheduler strict-priority ports "Default (TXQ.0)"
configure qosprofile QP1 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP2 maxbuffer 100 weight 1
configure qosprofile QP2 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP3 maxbuffer 100 weight 1
configure qosprofile QP3 peak_rate 2000 K ports "Default (TXQ.0)"
configure qosprofile QP3 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP4 maxbuffer 100 weight 1
configure qosprofile QP4 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP5 maxbuffer 100 weight 1
configure qosprofile QP5 peak_rate 5000 K ports "Default (TXQ.0)"
configure qosprofile QP5 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP6 maxbuffer 100 weight 1
configure qosprofile QP6 peak_rate 10000 K ports "Default (TXQ.0)"
configure qosprofile QP6 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP7 maxbuffer 100 weight 1
configure qosprofile QP7 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP8 maxbuffer 100 weight 1 ports "Default (TXQ.0)"
configure qosprofile QP2 minbw 0 maxbw 100 ports 17
configure qosprofile QP3 minbw 0 maxbw 100 ports 17
configure qosprofile QP4 minbw 0 maxbw 100 ports 17
configure qosprofile QP5 minbw 0 maxbw 100 ports 17
configure qosprofile QP6 minbw 0 maxbw 100 ports 17
configure qosprofile QP7 minbw 0 maxbw 100 ports 17
configure qosprofile QP2 minbw 0 maxbw 100 ports 18
configure qosprofile QP3 minbw 0 maxbw 100 ports 18
configure qosprofile QP4 minbw 0 maxbw 100 ports 18
configure qosprofile QP5 minbw 0 maxbw 100 ports 18
configure qosprofile QP6 minbw 0 maxbw 100 ports 18
configure qosprofile QP7 minbw 0 maxbw 100 ports 18
configure qosprofile QP2 minbw 0 maxbw 100 ports 19
configure qosprofile QP3 minbw 0 maxbw 100 ports 19
configure qosprofile QP4 minbw 0 maxbw 100 ports 19
configure qosprofile QP5 minbw 0 maxbw 100 ports 19
configure qosprofile QP6 minbw 0 maxbw 100 ports 19
configure qosprofile QP7 minbw 0 maxbw 100 ports 19
configure qosprofile QP2 minbw 0 maxbw 100 ports 20
configure qosprofile QP3 minbw 0 maxbw 100 ports 20
configure qosprofile QP4 minbw 0 maxbw 100 ports 20
configure qosprofile QP5 minbw 0 maxbw 100 ports 20
configure qosprofile QP6 minbw 0 maxbw 100 ports 20
configure qosprofile QP7 minbw 0 maxbw 100 ports 20
configure qosprofile QP2 minbw 0 maxbw 100 ports 21
configure qosprofile QP3 minbw 0 maxbw 100 ports 21
configure qosprofile QP4 minbw 0 maxbw 100 ports 21
configure qosprofile QP5 minbw 0 maxbw 100 ports 21
configure qosprofile QP6 minbw 0 maxbw 100 ports 21
configure qosprofile QP7 minbw 0 maxbw 100 ports 21
configure qosprofile QP2 minbw 0 maxbw 100 ports 22
configure qosprofile QP3 minbw 0 maxbw 100 ports 22
configure qosprofile QP4 minbw 0 maxbw 100 ports 22
configure qosprofile QP5 minbw 0 maxbw 100 ports 22
configure qosprofile QP6 minbw 0 maxbw 100 ports 22
configure qosprofile QP7 minbw 0 maxbw 100 ports 22
configure qosprofile QP2 minbw 0 maxbw 100 ports 23
configure qosprofile QP3 minbw 0 maxbw 100 ports 23
configure qosprofile QP4 minbw 0 maxbw 100 ports 23
configure qosprofile QP5 minbw 0 maxbw 100 ports 23
configure qosprofile QP6 minbw 0 maxbw 100 ports 23
configure qosprofile QP7 minbw 0 maxbw 100 ports 23
configure qosprofile QP2 minbw 0 maxbw 100 ports 24
configure qosprofile QP3 minbw 0 maxbw 100 ports 24
configure qosprofile QP4 minbw 0 maxbw 100 ports 24
configure qosprofile QP5 minbw 0 maxbw 100 ports 24
configure qosprofile QP6 minbw 0 maxbw 100 ports 24
configure qosprofile QP7 minbw 0 maxbw 100 ports 24
configure qosprofile QP2 minbw 0 maxbw 100 ports 25
configure qosprofile QP3 minbw 0 maxbw 100 ports 25
configure qosprofile QP4 minbw 0 maxbw 100 ports 25
configure qosprofile QP5 minbw 0 maxbw 100 ports 25
configure qosprofile QP6 minbw 0 maxbw 100 ports 25
configure qosprofile QP7 minbw 0 maxbw 100 ports 25
configure qosprofile QP2 minbw 0 maxbw 100 ports 26
configure qosprofile QP3 minbw 0 maxbw 100 ports 26
configure qosprofile QP4 minbw 0 maxbw 100 ports 26
configure qosprofile QP5 minbw 0 maxbw 100 ports 26
configure qosprofile QP6 minbw 0 maxbw 100 ports 26
configure qosprofile QP7 minbw 0 maxbw 100 ports 26
configure qosprofile QP2 minbw 0 maxbw 100 ports 27
configure qosprofile QP3 minbw 0 maxbw 100 ports 27
configure qosprofile QP4 minbw 0 maxbw 100 ports 27
configure qosprofile QP5 minbw 0 maxbw 100 ports 27
configure qosprofile QP6 minbw 0 maxbw 100 ports 27
configure qosprofile QP7 minbw 0 maxbw 100 ports 27
configure qosprofile QP2 minbw 0 maxbw 100 ports 28
configure qosprofile QP3 minbw 0 maxbw 100 ports 28
configure qosprofile QP4 minbw 0 maxbw 100 ports 28
configure qosprofile QP5 minbw 0 maxbw 100 ports 28
configure qosprofile QP6 minbw 0 maxbw 100 ports 28
configure qosprofile QP7 minbw 0 maxbw 100 ports 28
configure dot1p type 1 qosprofile QP2
configure dot1p type 2 qosprofile QP3
configure dot1p type 3 qosprofile QP4
configure dot1p type 4 qosprofile QP5
configure dot1p type 5 qosprofile QP6
configure dot1p type 6 qosprofile QP7
configure cos-index 8 qosprofile QP4 replace-tos 48
configure cos-index 9 qosprofile QP3
configure cos-index 10 qosprofile QP5

#
# Module mcmgr configuration.
#

#
# Module fdb configuration.
#

#
# Module rtmgr configuration.
#
configure iproute add default 192.168.10.1

#
# Module policy configuration.
#
enable policy
configure netlogin port 9 authentication mode optional
configure policy profile 1 name "Blackberry"
configure policy profile 2 name "Failsafe"
configure policy profile 3 name "Contractor" pvid-status "enable" pvid 4095 cos-status "enable" cos 4
configure policy profile 4 name "Administrator" pvid-status "enable" pvid 4095
configure policy profile 5 name "Deny Access" pvid-status "enable" pvid 0
configure policy profile 6 name "Guest Access" pvid-status "enable" pvid 0 cos-status "enable" cos 9
configure policy profile 7 name "Apple iOS"
configure policy profile 8 name "Quarantine" pvid-status "enable" pvid 0
configure policy profile 9 name "Unregistered" pvid-status "enable" pvid 0
configure policy profile 10 name "Staff" pvid-status "enable" pvid 4095 cos-status "enable" cos 5
configure policy profile 11 name "Enterprise User" pvid-status "enable" pvid 4095 cos-status "enable" cos 4
configure policy profile 12 name "Notification" pvid-status "enable" pvid 4095 cos-status "enable" cos 4
configure policy profile 13 name "Android" pvid-status "enable" pvid 4095
configure policy profile 14 name "Student" pvid-status "enable" pvid 4095 cos-status "enable" cos 10
configure policy profile 15 name "Assessing" pvid-status "enable" pvid 0
configure policy rule admin-profile port 9 mask 16 port-string 9 admin-pid 6

#
# Module aaa configuration.
#
configure radius netlogin 1 server 192.168.30.35 1812 client-ip 192.168.10.11 vr VR-Default
configure radius 1 shared-secret encrypted "#$BBItVXnJlluq2FNFp9OY+5B/B+hyKRJ+ZzKj4bR7"
enable radius
disable radius mgmt-access
enable radius netlogin
configure radius timeout 20
configure account admin encrypted "$5$DDzfrW$Nfyz1L3pzhall6TbrEEANFMxVRytqYewwAh4.5EjTfD"

#
# Module acl configuration.
#

#
# Module bfd configuration.
#

#
# Module cfgmgr configuration.
#

#
# Module dosprotect configuration.
#

#
# Module dot1ag configuration.
#

#
# Module eaps configuration.
#

#
# Module edp configuration.
#

#
# Module elrp configuration.
#

#
# Module ems configuration.
#

#
# Module epm configuration.
#

#
# Module erps configuration.
#

#
# Module esrp configuration.
#

#
# Module ethoam configuration.
#

#
# Module etmon configuration.
#

#
# Module exsshd configuration.
#
enable ssh2

#
# Module hal configuration.
#

#
# Module idMgr configuration.
#
enable identity-management
configure identity-management add ports 7-16

#
# Module ipSecurity configuration.
#
enable ip-security dhcp-snooping vlan VLAN10 port 5 violation-action none
configure trusted-ports 5 trust-for dhcp-server
configure trusted-servers vlan VLAN10 add server 192.168.10.1 trust-for dhcp-server

#
# Module ipfix configuration.
#

#
# Module lldp configuration.
#
configure lldp port 1 advertise port-description
configure lldp port 1 advertise system-name
configure lldp port 1 advertise system-capabilities
configure lldp port 1 advertise management-address
configure lldp port 2 advertise port-description
configure lldp port 2 advertise system-name
configure lldp port 2 advertise system-capabilities
configure lldp port 2 advertise management-address
configure lldp port 3 advertise port-description
configure lldp port 3 advertise system-name
configure lldp port 3 advertise system-capabilities
configure lldp port 3 advertise management-address
configure lldp port 4 advertise port-description
configure lldp port 4 advertise system-name
configure lldp port 4 advertise system-capabilities
configure lldp port 4 advertise management-address
configure lldp port 5 advertise port-description
configure lldp port 5 advertise system-name
configure lldp port 5 advertise system-capabilities
configure lldp port 5 advertise management-address
configure lldp port 6 advertise port-description
configure lldp port 6 advertise system-name
configure lldp port 6 advertise system-capabilities
configure lldp port 6 advertise management-address
configure lldp port 7 advertise port-description
configure lldp port 7 advertise system-name
configure lldp port 7 advertise system-capabilities
configure lldp port 7 advertise management-address
configure lldp port 8 advertise port-description
configure lldp port 8 advertise system-name
configure lldp port 8 advertise system-capabilities
configure lldp port 8 advertise management-address
configure lldp port 9 advertise port-description
configure lldp port 9 advertise system-name
configure lldp port 9 advertise system-capabilities
configure lldp port 9 advertise management-address
configure lldp port 10 advertise port-description
configure lldp port 10 advertise system-name
configure lldp port 10 advertise system-capabilities
configure lldp port 10 advertise management-address
configure lldp port 11 advertise port-description
configure lldp port 11 advertise system-name
configure lldp port 11 advertise system-capabilities
configure lldp port 11 advertise management-address
configure lldp port 12 advertise port-description
configure lldp port 12 advertise system-name
configure lldp port 12 advertise system-capabilities
configure lldp port 12 advertise management-address
configure lldp port 13 advertise port-description
configure lldp port 13 advertise system-name
configure lldp port 13 advertise system-capabilities
configure lldp port 13 advertise management-address
configure lldp port 14 advertise port-description
configure lldp port 14 advertise system-name
configure lldp port 14 advertise system-capabilities
configure lldp port 14 advertise management-address
configure lldp port 15 advertise port-description
configure lldp port 15 advertise system-name
configure lldp port 15 advertise system-capabilities
configure lldp port 15 advertise management-address
configure lldp port 16 advertise port-description
configure lldp port 16 advertise system-name
configure lldp port 16 advertise system-capabilities
configure lldp port 16 advertise management-address
configure lldp port 17 advertise port-description
configure lldp port 17 advertise system-name
configure lldp port 17 advertise system-capabilities
configure lldp port 17 advertise management-address
configure lldp port 18 advertise port-description
configure lldp port 18 advertise system-name
configure lldp port 18 advertise system-capabilities
configure lldp port 18 advertise management-address
configure lldp port 19 advertise port-description
configure lldp port 19 advertise system-name
configure lldp port 19 advertise system-capabilities
configure lldp port 19 advertise management-address
configure lldp port 20 advertise port-description
configure lldp port 20 advertise system-name
configure lldp port 20 advertise system-capabilities
configure lldp port 20 advertise management-address
configure lldp port 21 advertise port-description
configure lldp port 21 advertise system-name
configure lldp port 21 advertise system-capabilities
configure lldp port 21 advertise management-address
configure lldp port 22 advertise port-description
configure lldp port 22 advertise system-name
configure lldp port 22 advertise system-capabilities
configure lldp port 22 advertise management-address
configure lldp port 23 advertise port-description
configure lldp port 23 advertise system-name
configure lldp port 23 advertise system-capabilities
configure lldp port 23 advertise management-address
configure lldp port 24 advertise port-description
configure lldp port 24 advertise system-name
configure lldp port 24 advertise system-capabilities
configure lldp port 24 advertise management-address
configure lldp port 25 advertise port-description
configure lldp port 25 advertise system-name
configure lldp port 25 advertise system-capabilities
configure lldp port 25 advertise management-address
configure lldp port 26 advertise port-description
configure lldp port 26 advertise system-name
configure lldp port 26 advertise system-capabilities
configure lldp port 26 advertise management-address
configure lldp port 27 advertise port-description
configure lldp port 27 advertise system-name
configure lldp port 27 advertise system-capabilities
configure lldp port 27 advertise management-address
configure lldp port 28 advertise port-description
configure lldp port 28 advertise system-name
configure lldp port 28 advertise system-capabilities
configure lldp port 28 advertise management-address

#
# Module mrp configuration.
#

#
# Module msdp configuration.
#

#
# Module netLogin configuration.
#
enable netlogin mac
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48 encrypted "CKR@PTPLSA"
enable netlogin ports 9 mac
configure netlogin dot1x ports 9 timers reauthentication off
configure netlogin mac username format hyphenated
configure netlogin mac ports 9 timers reauthentication on

#
# Module netTools configuration.
#

#
# Module ntp configuration.
#
enable ntp
enable ntp vlan VLAN10
configure ntp server add 192.168.10.1

#
# Module poe configuration.
#

#
# Module rip configuration.
#

#
# Module ripng configuration.
#

#
# Module snmpMaster configuration.
#
configure snmpv3 add user "snmpuser" engine-id 80:00:07:7c:03:00:04:96:99:e6:e8 authentication md5 auth-encrypted localized-key 23:d4:23:ad:23:00:23:f2:23:f2:23:b3:23:85:23:9e:23:f0:23:0c:23:b5:23:8f:2b:23:e2:33:23:d1 privacy privacy-encrypted localized-key 23:9c:78:23:b0:23:ce:23:0b:3d:23:c2:23:c1:23:aa:23:ea:23:88:23:bb:36:31:25:23:f0
configure snmpv3 add group "admin" user "snmpuser" sec-model usm
configure snmpv3 add target-addr "TVsnmpuser" param "TV1snmpuser" ipaddress 192.168.30.34 transport-port 162 tag-list "TVInformTag"
configure snmpv3 add target-params "TV1snmpuser" user "snmpuser" mp-model snmpv3 sec-model usm sec-level priv
configure snmpv3 add notify "TVInformTag" tag "TVInformTag" type inform

#
# Module stp configuration.
#

#
# Module techSupport configuration.
#

#
# Module telnetd configuration.
#

#
# Module tftpd configuration.
#

#
# Module thttpd configuration.
#

#
# Module twamp configuration.
#

#
# Module vmt configuration.
#

#
# Module vsm configuration.
#
X450-G2-24p-GE4.4 #

The problem is that when I plug my laptop into port 9 of the switch, the policy assigned remains “Unregistered” and it is not able to obtain the IP address and the default role “Guest Access”.
I’ve followed the instructions step by step, but the problem remains.
Below are some screenshots of the end-point events and configuration:

What can be the problem?
The DemoKit uses the x440-G2 as the ExtremeXOS switch, but the x450-G2 has the same capabilities, so this can't be the problem...

Antonio Opromolla


Posted 2 years ago
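
As an added example (not part of the original post, and not DemoKit or Extreme code), this Python script pulls the policy and netlogin settings that apply to one port out of a `show configuration` dump like the one above and flags internal inconsistencies. The function names are made up here, and the sample is an excerpt of the posted configuration.

```python
import re

# Excerpt copied from the `show configuration` output posted above.
CONFIG = """\
enable policy
configure netlogin port 9 authentication mode optional
configure policy profile 6 name "Guest Access" pvid-status "enable" pvid 0 cos-status "enable" cos 9
configure policy profile 9 name "Unregistered" pvid-status "enable" pvid 0
configure policy rule admin-profile port 9 mask 16 port-string 9 admin-pid 6
enable radius netlogin
enable netlogin mac
enable netlogin ports 9 mac
"""

def expand_ports(spec):
    """Expand '9', '7-16' or '1,3-5' into a set of ints (standalone switch, no slot:port)."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_profiles(cfg):
    """Map profile id -> name/pvid/cos from 'configure policy profile' lines."""
    profiles = {}
    for pid, name, rest in re.findall(
            r'^configure policy profile (\d+) name "([^"]+)"(.*)$', cfg, re.M):
        pvid = re.search(r"\bpvid (\d+)", rest)
        cos = re.search(r"\bcos (\d+)", rest)
        profiles[int(pid)] = {"name": name,
                              "pvid": int(pvid.group(1)) if pvid else None,
                              "cos": int(cos.group(1)) if cos else None}
    return profiles

def port_report(cfg, port):
    """Collect the policy/netlogin settings that apply to one port, plus inconsistencies."""
    profiles = parse_profiles(cfg)
    rep = {"policy_enabled": bool(re.search(r"^enable policy$", cfg, re.M)),
           "radius_netlogin": bool(re.search(r"^enable radius netlogin$", cfg, re.M)),
           "global_methods": set(re.findall(r"^enable netlogin (dot1x|mac|web-based)$", cfg, re.M)),
           "port_methods": set(), "auth_mode": None, "default_role": None, "problems": []}
    for spec, methods in re.findall(r"^enable netlogin ports (\S+) (.+)$", cfg, re.M):
        if port in expand_ports(spec):
            rep["port_methods"].update(methods.split())
    for spec, mode in re.findall(r"^configure netlogin port (\S+) authentication mode (\S+)$", cfg, re.M):
        if port in expand_ports(spec):
            rep["auth_mode"] = mode
    for spec, pid in re.findall(
            r"^configure policy rule admin-profile port (\S+) .*admin-pid (\d+)$", cfg, re.M):
        if port in expand_ports(spec):
            rep["default_role"] = profiles.get(int(pid))
            if int(pid) not in profiles:
                rep["problems"].append(f"admin-pid {pid} is not a defined profile")
    for meth in sorted(rep["port_methods"] - rep["global_methods"]):
        rep["problems"].append(f"{meth} is enabled on port {port} but not globally")
    return rep

if __name__ == "__main__":
    print(port_report(CONFIG, 9))
```

Replacing `CONFIG` with a full dump gives the same per-port view for any other port number.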

Jeremy, Embassador

Make sure for the auth policy, you are sending back login-LAT-port of 1 not 0.  If it's 0 it will stay unauthenticated.

Piotr Owczarek

AFAIK Login LAT port is used only in wireless connections. I found that there is a problem with DHCP relaying in Summit with Policy enabled. I am not sure that bug is still present in the newest firmware.

Antonio Opromolla

Hi Jeremy and Piotr, Login-LAT-Port is 0 on the Unauthenticated policy and on Guest Access it is 1.
I've sent an email to the DemoKit support, and in their first reply one of my problems was that when I enforced the policy to the switch, the rules were not created on it (the roles were, though).
So I did another enforce and now I also have the rules.
Despite this, the problem on port 9 is still the same.
I'm waiting for the new reply from the DemoKit support team.
But another problem present in this new version is that I'm no longer able to authenticate via 802.1X (the times are all in sync), and in the FreeRADIUS server on demogw there are messages like the following in the log files:

If I look at the subject field in the certificate of nacappliance.demo.com, it is set to tag.demo.com, and probably FreeRADIUS doesn't like this, as it expects to see nacappliance.demo.com.
I don't know if this problem may also have consequences for my first problem above...

Antonio Opromolla

I forgot to say that RADIUS rejects my user...

Antonio Opromolla

To be precise, if I use an iPhone instead of my laptop, the 802.1X authentication works.

Antonio Opromolla

Hi, after playing with the DemoKit, I've discovered that the problem is with a specific laptop with Windows 10; with other laptops with the same OS, and others with different versions of Windows, the client is correctly redirected to the guest authentication page.