Header Only - DO NOT REMOVE - Extreme Networks

Summit 450-G2 No RADIUS request send to NAC


Userlevel 3
Hi folks,

I have a problem integrating a Summit x450-G2 into the NAC solution.
Summit x450-G2 running version: 16.1.3.6 .

I want to to mac authentication with NAC but it seems that the switch doesn't send any radius packets to the NAC. Ping is possible from Switch to NAC and from NAC to Switch.

the Show Radius command shows that 0 requests are sent.

Show Logging: "MAC authentication was initiated, but mac-list for virtual router VR-Default is empty"

In my opinion it seems that the switch tries to do a local authentication and no RADIUS authentication.

Config is made via NetSight Policy Manager running latest 6.3. Version.

I hope somebody has an idea.

Best Regards
Michael

Config:
#
# Module devmgr configuration. # configure snmp sysContact "support@extremenetworks.com, +1 888 257 3000" configure sys-recovery-level switch reset # # Module vlan configuration. # configure vlan default delete ports all configure vr VR-Default delete ports 1-52 configure vr VR-Default add ports 1-52 configure vlan default delete ports 1-49 create qosprofile "QP2" create qosprofile "QP3" create qosprofile "QP4" create qosprofile "QP5" create qosprofile "QP6" create qosprofile "QP7" configure ports group "Default (IRL.1)" add 1-52 configure ports group "Default (TXQ.0)" add 1-52 create vlan "Test" configure vlan Test tag 2414 configure ports 49 auto off speed 10000 duplex full configure ports 50 auto off speed 10000 duplex full configure ports 51 auto off speed 10000 duplex full configure ports 52 auto off speed 10000 duplex full configure vlan Test add ports 49-52 tagged configure vlan Test add ports 1-48 untagged configure vlan Default add ports 49 tagged configure vlan Default add ports 50-52 untagged configure vlan Default ipaddress 172.16.1.85 255.255.255.0 configure vlan Mgmt ipaddress 10.10.10.10 255.255.255.0 configure qosscheduler strict-priority ports "Default (TXQ.0)" configure qosprofile QP1 maxbuffer 100 weight 1 ports "Default (TXQ.0)" configure qosprofile QP2 maxbuffer 100 weight 1 configure qosprofile QP2 maxbuffer 100 weight 1 ports "Default (TXQ.0)" configure qosprofile QP3 maxbuffer 100 weight 1 configure qosprofile QP3 maxbuffer 100 weight 1 ports "Default (TXQ.0)" configure qosprofile QP4 maxbuffer 100 weight 1 configure qosprofile QP4 maxbuffer 100 weight 1 ports "Default (TXQ.0)" configure qosprofile QP5 maxbuffer 100 weight 1 configure qosprofile QP5 maxbuffer 100 weight 1 ports "Default (TXQ.0)" configure qosprofile QP6 maxbuffer 100 weight 1 configure qosprofile QP6 maxbuffer 100 weight 1 ports "Default (TXQ.0)" configure qosprofile QP7 maxbuffer 100 weight 1 configure qosprofile QP7 maxbuffer 100 weight 1 ports "Default (TXQ.0)" configure qosprofile QP8 maxbuffer 100 weight 1 ports "Default (TXQ.0)" configure dot1p type 0 qosprofile QP1 ingress-meter ingmeter0 configure dot1p type 1 qosprofile QP2 ingress-meter ingmeter1 configure dot1p type 2 qosprofile QP3 ingress-meter ingmeter2 configure dot1p type 3 qosprofile QP4 ingress-meter ingmeter3 configure dot1p type 4 qosprofile QP5 ingress-meter ingmeter4 configure dot1p type 5 qosprofile QP6 ingress-meter ingmeter5 configure dot1p type 6 qosprofile QP7 ingress-meter ingmeter6 configure dot1p type 7 qosprofile QP8 ingress-meter ingmeter7 # # Module fdb configuration. # # # Module rtmgr configuration. # configure iproute add default 10.10.10.1 vr VR-Mgmt configure iproute add default 172.24.1.1 disable iproute ipv4 compression disable iproute ipv6 compression # # Module mcmgr configuration. # # # Module aaa configuration. # configure radius netlogin 1 server 172.16.2.131 1812 client-ip 172.16.1.85 vr VR-Default configure radius 1 shared-secret encrypted XXX configure radius netlogin 2 server 172.16.2.132 1812 client-ip 172.16.1.85 vr VR-Default configure radius 2 shared-secret encrypted XXX configure radius-accounting netlogin server 1 172.16.2.131 1812 client-ip 172.16.1.85 vr VR-Default configure radius-accounting 1 shared-secret encrypted XXX configure radius-accounting 1 timeout 10 configure radius-accounting netlogin server 2 172.16.2.132 1812 client-ip 172.16.1.85 vr VR-Default configure radius-accounting 2 shared-secret encrypted XXX configure radius-accounting 2 timeout 10 enable radius disable radius mgmt-access enable radius netlogin configure radius timeout 15 enable radius-accounting disable radius-accounting mgmt-access enable radius-accounting netlogin configure account admin encrypted XXX # # Module acl configuration. # # # Module bfd configuration. # # # Module ces configuration. # # # Module cfgmgr configuration. # # # Module dosprotect configuration. # # # Module dot1ag configuration. # # # Module eaps configuration. # # # Module edp configuration. # # # Module elrp configuration. # # # Module ems configuration. # # # Module epm configuration. # # # Module erps configuration. # # # Module esrp configuration. # # # Module ethoam configuration. # # # Module etmon configuration. # # # Module hal configuration. # # # Module idMgr configuration. # # # Module ipSecurity configuration. # # # Module ipfix configuration. # # # Module lldp configuration. # # # Module mrp configuration. # # # Module msdp configuration. # # # Module netLogin configuration. # enable netlogin dot1x mac configure netlogin mac authentication database-order radius configure netlogin authentication protocol-order dot1x mac web-based configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48 enable netlogin ports 1-48 dot1x enable netlogin ports 1-48 mac configure netlogin mac ports 1 timers reauthentication on configure netlogin mac ports 2 timers reauthentication on configure netlogin mac ports 3 timers reauthentication on configure netlogin mac ports 4 timers reauthentication on configure netlogin mac ports 5 timers reauthentication on configure netlogin mac ports 6 timers reauthentication on configure netlogin mac ports 7 timers reauthentication on configure netlogin mac ports 8 timers reauthentication on configure netlogin mac ports 9 timers reauthentication on configure netlogin mac ports 10 timers reauthentication on configure netlogin mac ports 11 timers reauthentication on configure netlogin mac ports 12 timers reauthentication on configure netlogin mac ports 13 timers reauthentication on configure netlogin mac ports 14 timers reauthentication on configure netlogin mac ports 15 timers reauthentication on configure netlogin mac ports 16 timers reauthentication on configure netlogin mac ports 17 timers reauthentication on configure netlogin mac ports 18 timers reauthentication on configure netlogin mac ports 19 timers reauthentication on configure netlogin mac ports 20 timers reauthentication on configure netlogin mac ports 21 timers reauthentication on configure netlogin mac ports 22 timers reauthentication on configure netlogin mac ports 23 timers reauthentication on configure netlogin mac ports 24 timers reauthentication on configure netlogin mac ports 25 timers reauthentication on configure netlogin mac ports 26 timers reauthentication on configure netlogin mac ports 27 timers reauthentication on configure netlogin mac ports 28 timers reauthentication on configure netlogin mac ports 29 timers reauthentication on configure netlogin mac ports 30 timers reauthentication on configure netlogin mac ports 31 timers reauthentication on configure netlogin mac ports 32 timers reauthentication on configure netlogin mac ports 33 timers reauthentication on configure netlogin mac ports 34 timers reauthentication on configure netlogin mac ports 35 timers reauthentication on configure netlogin mac ports 36 timers reauthentication on configure netlogin mac ports 37 timers reauthentication on configure netlogin mac ports 38 timers reauthentication on configure netlogin mac ports 39 timers reauthentication on configure netlogin mac ports 40 timers reauthentication on configure netlogin mac ports 41 timers reauthentication on configure netlogin mac ports 42 timers reauthentication on configure netlogin mac ports 43 timers reauthentication on configure netlogin mac ports 44 timers reauthentication on configure netlogin mac ports 45 timers reauthentication on configure netlogin mac ports 46 timers reauthentication on configure netlogin mac ports 47 timers reauthentication on configure netlogin mac ports 48 timers reauthentication on # # Module netTools configuration. # # # Module ntp configuration. # # # Module poe configuration. # # # Module policy configuration. # enable policy configure netlogin port 1 authentication mode optional configure netlogin port 2 authentication mode optional configure netlogin port 3 authentication mode optional configure netlogin port 4 authentication mode optional configure netlogin port 5 authentication mode optional configure netlogin port 6 authentication mode optional configure netlogin port 7 authentication mode optional configure netlogin port 8 authentication mode optional configure netlogin port 9 authentication mode optional configure netlogin port 10 authentication mode optional configure netlogin port 11 authentication mode optional configure netlogin port 12 authentication mode optional configure netlogin port 13 authentication mode optional configure netlogin port 14 authentication mode optional configure netlogin port 15 authentication mode optional configure netlogin port 16 authentication mode optional configure netlogin port 17 authentication mode optional configure netlogin port 18 authentication mode optional configure netlogin port 19 authentication mode optional configure netlogin port 20 authentication mode optional configure netlogin port 21 authentication mode optional configure netlogin port 22 authentication mode optional configure netlogin port 23 authentication mode optional configure netlogin port 24 authentication mode optional configure netlogin port 25 authentication mode optional configure netlogin port 26 authentication mode optional configure netlogin port 27 authentication mode optional configure netlogin port 28 authentication mode optional configure netlogin port 29 authentication mode optional configure netlogin port 30 authentication mode optional configure netlogin port 31 authentication mode optional configure netlogin port 32 authentication mode optional configure netlogin port 33 authentication mode optional configure netlogin port 34 authentication mode optional configure netlogin port 35 authentication mode optional configure netlogin port 36 authentication mode optional configure netlogin port 37 authentication mode optional configure netlogin port 38 authentication mode optional configure netlogin port 39 authentication mode optional configure netlogin port 40 authentication mode optional configure netlogin port 41 authentication mode optional configure netlogin port 42 authentication mode optional configure netlogin port 43 authentication mode optional configure netlogin port 44 authentication mode optional configure netlogin port 45 authentication mode optional configure netlogin port 46 authentication mode optional configure netlogin port 47 authentication mode optional configure netlogin port 48 authentication mode optional configure netlogin port 49 authentication mode optional configure netlogin port 50 authentication mode optional configure netlogin port 51 authentication mode optional configure netlogin port 52 authentication mode optional # # Module rip configuration. # # # Module r.png configuration. # # # Module snmpMaster configuration. # ... # # Module stp configuration. # # # Module synce configuration. # # # Module techSupport configuration. # enable tech-support collector # # Module telnetd configuration. # # # Module tftpd configuration. # # # Module thttpd configuration. # configure ssl certificate hash-algorithm sha512 # # Module twamp configuration. # # # Module vmt configuration. # # # Module vsm configuration. #
[/code]

[/code]

8 replies

Userlevel 2
In Policy Manager with XOS switches, I've had to put in a bogus number in the field where mac auth password is at. Click on the network device in PM, go to Auth tab, and under Mac Auth settings, check the box for password and insert a password there. Could be 12345678. And auth usually starts working. I call this an 'undocumented feature'. Not sure why that makes it work.
Userlevel 6
Hi,

the following config works well:

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2015.08.06 17:39:39 =~=~=~=~=~=~=~=~=~=~=~=
Slot-1 Stack.18 # sh ver

Slot-1 : 800545-00-03 1434G-00449 Rev 3.0 BootROM: 1.0.2.1 IMG: 16.1.1.4
Slot-2 :
Slot-3 :
Slot-4 :
Slot-5 :
Slot-6 :
Slot-7 :
Slot-8 :

Image : ExtremeXOS version 16.1.1.4 by release-manager
on Fri Jun 12 17:47:56 EDT 2015
BootROM : 1.0.2.1
Diagnostics : 3.1
Slot-1 Stack.18 # sh config aaa

#
# Module aaa configuration.
#
configure radius netlogin 1 server 10.170.160.91 1812 client-ip 192.168.10.13 vr VR-Default
configure radius 1 shared-secret encrypted "#$NzJkO/oA17tFyqdMgx3mSUnrNKmD8gEcacbVNWEU"
configure radius-accounting netlogin server 1 10.170.160.91 1813 client-ip 192.168.10.13 vr VR-Default
configure radius-accounting 1 shared-secret encrypted "#$N6s5jE7gXpmxO8W6fY+wOR3vPMYhvqUtvHJkNW+a"
configure radius-accounting 1 timeout 10
enable radius
disable radius mgmt-access
enable radius netlogin
configure radius timeout 15
enable radius-accounting
enable radius-accounting netlogin
configure account admin encrypted "$5$0tnSqy$YMlacN4Q1uxTQBHTzJdCsojS7EKucZ7MoceYSNGwwb3"
Slot-1 Stack.19 #

Slot-1 Stack.19 #

Slot-1 Stack.19 #

Slot-1 Stack.19 #

Slot-1 Stack.19 # sh config netlogin

#
# Module netLogin configuration.
#
enable netlogin dot1x mac
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48 encrypted "}eqrthug"
enable netlogin ports 1:1 dot1x
enable netlogin ports 1:1 mac
configure netlogin dot1x ports 1:1 timers reauth-period 60
configure netlogin mac ports 1:1 timers reauth-period 60 reauthentication on
Slot-1 Stack.20 #

Slot-1 Stack.20 #

Slot-1 Stack.20 #

Slot-1 Stack.20 #

Slot-1 Stack.20 #

Slot-1 Stack.20 #

Slot-1 Stack.20 # sh config policy

#
# Module policy configuration.
#
enable policy
configure netlogin port 1:2 authentication mode optional
configure netlogin port 1:3 authentication mode optional
configure netlogin port 1:4 authentication mode optional
configure netlogin port 1:5 authentication mode optional
configure netlogin port 1:6 authentication mode optional
configure netlogin port 1:7 authentication mode optional
configure netlogin port 1:8 authentication mode optional
configure netlogin port 1:9 authentication mode optional
configure netlogin port 1:10 authentication mode optional
configure netlogin port 1:11 authentication mode optional
configure netlogin port 1:12 authentication mode optional
configure netlogin port 1:13 authentication mode optional
configure netlogin port 1:14 authentication mode optional
configure netlogin port 1:15 authentication mode optional
configure netlogin port 1:16 authentication mode optional
configure netlogin port 1:17 authentication mode optional
configure netlogin port 1:18 authentication mode optional
configure netlogin port 1:19 authentication mode optional
configure netlogin port 1:20 authentication mode optional
configure netlogin port 1:21 authentication mode optional
configure netlogin port 1:22 authentication mode optional
configure netlogin port 1:23 authentication mode optional
configure netlogin port 1:24 authentication mode optional
configure netlogin port 1:25 authentication mode optional
configure netlogin port 1:26 authentication mode optional
configure netlogin port 1:27 authentication mode optional
configure netlogin port 1:28 authentication mode optional
configure netlogin port 1:29 authentication mode optional
configure netlogin port 1:30 authentication mode optional
configure netlogin port 1:31 authentication mode optional
configure netlogin port 1:32 authentication mode optional
configure netlogin port 1:33 authentication mode optional
configure netlogin port 1:34 authentication mode optional
configure netlogin port 1:35 authentication mode optional
configure netlogin port 1:36 authentication mode optional
configure netlogin port 1:37 authentication mode optional
configure netlogin port 1:38 authentication mode optional
configure netlogin port 1:39 authentication mode optional
configure netlogin port 1:40 authentication mode optional
configure netlogin port 1:41 authentication mode optional
configure netlogin port 1:42 authentication mode optional
configure netlogin port 1:43 authentication mode optional
configure netlogin port 1:44 authentication mode optional
configure netlogin port 1:45 authentication mode optional
configure netlogin port 1:46 authentication mode optional
configure netlogin port 1:47 authentication mode optional
configure netlogin port 1:48 authentication mode optional
configure netlogin port 1:49 authentication mode optional
configure netlogin port 1:50 authentication mode optional
configure netlogin port 1:51 authentication mode optional
configure netlogin port 1:52 authentication mode optional
configure netlogin port 1:53 authentication mode optional
configure netlogin port 1:54 authentication mode optional
configure netlogin port 1:55 authentication mode optional
configure netlogin port 1:56 authentication mode optional
configure netlogin port 1:57 authentication mode optional
configure netlogin port 1:58 authentication mode optional
configure netlogin port 1:59 authentication mode optional
configure netlogin port 1:60 authentication mode optional
configure netlogin port 1:61 authentication mode optional
configure netlogin port 1:62 authentication mode optional
configure netlogin port 1:63 authentication mode optional
configure netlogin port 1:64 authentication mode optional
configure netlogin port 1:65 authentication mode optional
configure netlogin port 1:66 authentication mode optional
configure netlogin port 1:67 authentication mode optional
configure netlogin port 1:68 authentication mode optional
configure netlogin port 1:69 authentication mode optional
configure netlogin port 1:70 authentication mode optional
configure netlogin port 1:71 authentication mode optional
configure netlogin port 1:72 authentication mode optional
configure policy profile 1 name "Administrator" pvid-status "enable" pvid 4095 cos 3
configure policy profile 3 name "Failsafe"
configure policy profile 5 name "Deny Access" pvid-status "enable" pvid 0
configure policy profile 6 name "Guest Access" pvid-status "enable" pvid 4095 cos-status "enable" cos 1
configure policy profile 7 name "Enterprise Access" pvid-status "enable" pvid 4095 cos-status "enable" cos 3
configure policy profile 8 name "Quarantine" pvid-status "enable" pvid 0
configure policy profile 9 name "Unregistered" pvid-status "enable" pvid 0
configure policy profile 10 name "Enterprise User" pvid-status "enable" pvid 4095 cos-status "enable" cos 4
configure policy profile 11 name "Assessing" pvid-status "enable" pvid 0
configure policy rule 5 udpdestportIP 53 mask 16 forward
configure policy rule 5 udpdestportIP 67 mask 16 forward
configure policy rule 5 tcpdestportIP 80 mask 16 forward cos 8
configure policy rule 5 tcpdestportIP 8080 mask 16 forward
configure policy rule 5 tcpdestportIP 8443 mask 16 forward
configure policy rule 5 ether 0x0806 mask 16 forward
configure policy rule 6 udpdestportIP 53 mask 16 forward
configure policy rule 6 udpdestportIP 67 mask 16 forward
configure policy rule 6 tcpdestportIP 80 mask 16 forward
configure policy rule 6 tcpdestportIP 443 mask 16 forward
configure policy rule 6 tcpdestportIP 8080 mask 16 forward
configure policy rule 6 tcpdestportIP 8443 mask 16 forward
configure policy rule 6 ipproto 1 mask 8 drop
configure policy rule 6 ipproto 6 mask 8 drop
configure policy rule 6 ipproto 17 mask 8 drop
configure policy rule 6 ether 0x0806 mask 16 forward
configure policy rule 7 udpsourceportIP 53 mask 16 drop
configure policy rule 7 udpsourceportIP 67 mask 16 drop
configure policy rule 7 udpsourceportIP 69 mask 16 drop
configure policy rule 7 udpsourceportIP 161 mask 16 drop
configure policy rule 7 udpsourceportIP 162 mask 16 drop
configure policy rule 7 udpsourceportIP 520 mask 16 drop
configure policy rule 7 udpsourceportIP 1433 mask 16 drop
configure policy rule 7 udpsourceportIP 1434 mask 16 drop
configure policy rule 7 udpsourceportIP 1812 mask 16 drop
configure policy rule 7 udpsourceportIP 1813 mask 16 drop
configure policy rule 7 udpdestportIP 69 mask 16 drop
configure policy rule 7 udpdestportIP 161 mask 16 drop
configure policy rule 7 udpdestportIP 162 mask 16 drop
configure policy rule 7 udpdestportIP 1434 mask 16 drop
configure policy rule 7 udpdestportIP 1900 mask 16 drop
configure policy rule 7 tcpsourceportIP 0 mask 16 drop
configure policy rule 7 tcpsourceportIP 1 mask 16 drop
configure policy rule 7 tcpsourceportIP 2 mask 16 drop
configure policy rule 7 tcpsourceportIP 3 mask 16 drop
configure policy rule 7 tcpsourceportIP 4 mask 16 drop
configure policy rule 7 tcpsourceportIP 5 mask 16 drop
configure policy rule 7 tcpsourceportIP 6 mask 16 drop
configure policy rule 7 tcpsourceportIP 7 mask 16 drop
configure policy rule 7 tcpsourceportIP 8 mask 16 drop
configure policy rule 7 tcpsourceportIP 9 mask 16 drop
configure policy rule 7 tcpsourceportIP 10 mask 16 drop
configure policy rule 7 tcpsourceportIP 11 mask 16 drop
configure policy rule 7 tcpsourceportIP 12 mask 16 drop
configure policy rule 7 tcpsourceportIP 13 mask 16 drop
configure policy rule 7 tcpsourceportIP 14 mask 16 drop
configure policy rule 7 tcpsourceportIP 15 mask 16 drop
configure policy rule 7 tcpsourceportIP 16 mask 16 drop
configure policy rule 7 tcpsourceportIP 17 mask 16 drop
configure policy rule 7 tcpsourceportIP 18 mask 16 drop
configure policy rule 7 tcpsourceportIP 19 mask 16 drop
configure policy rule 7 tcpsourceportIP 20 mask 16 drop
configure policy rule 7 tcpsourceportIP 21 mask 16 drop
configure policy rule 7 tcpsourceportIP 22 mask 16 drop
configure policy rule 7 tcpsourceportIP 23 mask 16 drop
configure policy rule 7 tcpsourceportIP 25 mask 16 drop
configure policy rule 7 tcpsourceportIP 53 mask 16 drop
configure policy rule 7 tcpsourceportIP 80 mask 16 drop
configure policy rule 7 tcpsourceportIP 135 mask 16 cos 2
configure policy rule 7 tcpsourceportIP 137 mask 16 cos 2
configure policy rule 7 tcpsourceportIP 139 mask 16 drop
configure policy rule 7 tcpsourceportIP 443 mask 16 drop
configure policy rule 7 tcpsourceportIP 1433 mask 16 drop
configure policy rule 7 tcpsourceportIP 1434 mask 16 drop
configure policy rule 7 tcpsourceportIP 5000 mask 16 drop
configure policy rule 7 tcpsourceportIP 6346 mask 16 cos 2
configure policy rule 7 tcpdestportIP 22 mask 16 drop
configure policy rule 7 tcpdestportIP 23 mask 16 drop
configure policy rule 7 tcpdestportIP 80 mask 16 cos 2
configure policy rule 7 tcpdestportIP 137 mask 16 cos 2
configure policy rule 7 tcpdestportIP 1434 mask 16 drop
configure policy rule 7 tcpdestportIP 8080 mask 16 forward
configure policy rule 7 tcpdestportIP 8443 mask 16 forward
configure policy rule 7 iptos 176 mask 8 cos 6
configure policy rule 7 ipproto 1 mask 8 cos 2
configure policy rule 7 ipproto 89 mask 8 drop
configure policy rule 8 ipdest 10.170.110.91 mask 32 forward
configure policy rule 8 ipdest 10.170.120.91 mask 32 forward
configure policy rule 8 ipdest 10.170.130.91 mask 32 forward
configure policy rule 8 ipdest 10.170.140.91 mask 32 forward
configure policy rule 8 ipdest 10.170.150.91 mask 32 forward
configure policy rule 8 ipdest 10.170.160.91 mask 32 forward
configure policy rule 8 udpdestportIP 53 mask 16 forward
configure policy rule 8 udpdestportIP 67 mask 16 forward
configure policy rule 8 tcpdestportIP 80 mask 16 forward cos 8
configure policy rule 8 tcpdestportIP 8080 mask 16 forward
configure policy rule 8 tcpdestportIP 8443 mask 16 forward
configure policy rule 8 ether 0x0806 mask 16 forward
configure policy rule 9 udpdestportIP 53 mask 16 forward
configure policy rule 9 udpdestportIP 67 mask 16 forward
configure policy rule 9 tcpdestportIP 80 mask 16 forward cos 8
configure policy rule 9 tcpdestportIP 8080 mask 16 forward
configure policy rule 9 tcpdestportIP 8443 mask 16 forward
configure policy rule 9 ether 0x0806 mask 16 forward
configure policy rule 10 udpsourceportIP 53 mask 16 drop
configure policy rule 10 udpsourceportIP 67 mask 16 drop
configure policy rule 10 udpsourceportIP 69 mask 16 drop
configure policy rule 10 udpsourceportIP 161 mask 16 drop
configure policy rule 10 udpsourceportIP 162 mask 16 drop
configure policy rule 10 udpsourceportIP 520 mask 16 drop
configure policy rule 10 udpsourceportIP 1433 mask 16 drop
configure policy rule 10 udpsourceportIP 1434 mask 16 drop
configure policy rule 10 udpsourceportIP 1812 mask 16 drop
configure policy rule 10 udpsourceportIP 1813 mask 16 drop
configure policy rule 10 udpdestportIP 69 mask 16 drop
configure policy rule 10 udpdestportIP 161 mask 16 drop
configure policy rule 10 udpdestportIP 162 mask 16 drop
configure policy rule 10 udpdestportIP 1434 mask 16 drop
configure policy rule 10 udpdestportIP 1900 mask 16 drop
configure policy rule 10 tcpsourceportIP 0 mask 16 drop
configure policy rule 10 tcpsourceportIP 1 mask 16 drop
configure policy rule 10 tcpsourceportIP 2 mask 16 drop
configure policy rule 10 tcpsourceportIP 3 mask 16 drop
configure policy rule 10 tcpsourceportIP 4 mask 16 drop
configure policy rule 10 tcpsourceportIP 5 mask 16 drop
configure policy rule 10 tcpsourceportIP 6 mask 16 drop
configure policy rule 10 tcpsourceportIP 7 mask 16 drop
configure policy rule 10 tcpsourceportIP 8 mask 16 drop
configure policy rule 10 tcpsourceportIP 9 mask 16 drop
configure policy rule 10 tcpsourceportIP 10 mask 16 drop
configure policy rule 10 tcpsourceportIP 11 mask 16 drop
configure policy rule 10 tcpsourceportIP 12 mask 16 drop
configure policy rule 10 tcpsourceportIP 13 mask 16 drop
configure policy rule 10 tcpsourceportIP 14 mask 16 drop
configure policy rule 10 tcpsourceportIP 15 mask 16 drop
configure policy rule 10 tcpsourceportIP 16 mask 16 drop
configure policy rule 10 tcpsourceportIP 17 mask 16 drop
configure policy rule 10 tcpsourceportIP 18 mask 16 drop
configure policy rule 10 tcpsourceportIP 19 mask 16 drop
configure policy rule 10 tcpsourceportIP 20 mask 16 drop
configure policy rule 10 tcpsourceportIP 21 mask 16 drop
configure policy rule 10 tcpsourceportIP 22 mask 16 drop
configure policy rule 10 tcpsourceportIP 23 mask 16 drop
configure policy rule 10 tcpsourceportIP 25 mask 16 drop
configure policy rule 10 tcpsourceportIP 53 mask 16 drop
configure policy rule 10 tcpsourceportIP 80 mask 16 drop
configure policy rule 10 tcpsourceportIP 135 mask 16 cos 2
configure policy rule 10 tcpsourceportIP 137 mask 16 cos 2
configure policy rule 10 tcpsourceportIP 139 mask 16 drop
configure policy rule 10 tcpsourceportIP 443 mask 16 drop
configure policy rule 10 tcpsourceportIP 1433 mask 16 drop
configure policy rule 10 tcpsourceportIP 1434 mask 16 drop
configure policy rule 10 tcpsourceportIP 5000 mask 16 drop
configure policy rule 10 tcpsourceportIP 6346 mask 16 cos 2
configure policy rule 10 tcpdestportIP 22 mask 16 drop
configure policy rule 10 tcpdestportIP 23 mask 16 drop
configure policy rule 10 tcpdestportIP 80 mask 16 cos 2
configure policy rule 10 tcpdestportIP 137 mask 16 cos 2
configure policy rule 10 tcpdestportIP 1434 mask 16 drop
configure policy rule 10 tcpdestportIP 8080 mask 16 forward
configure policy rule 10 tcpdestportIP 8443 mask 16 forward
configure policy rule 10 iptos 176 mask 8 cos 6
configure policy rule 10 ipproto 1 mask 8 cos 2
configure policy rule 10 ipproto 6 mask 8 cos 5
configure policy rule 10 ipproto 89 mask 8 drop
configure policy rule 11 ipdest 10.170.110.91 mask 32 forward
configure policy rule 11 ipdest 10.170.120.91 mask 32 forward
configure policy rule 11 ipdest 10.170.130.91 mask 32 forward
configure policy rule 11 ipdest 10.170.140.91 mask 32 forward
configure policy rule 11 ipdest 10.170.150.91 mask 32 forward
configure policy rule 11 ipdest 10.170.160.91 mask 32 forward
configure policy rule 11 udpdestportIP 53 mask 16 forward
configure policy rule 11 udpdestportIP 67 mask 16 forward
configure policy rule 11 tcpdestportIP 80 mask 16 forward cos 8
configure policy rule 11 tcpdestportIP 8080 mask 16 forward
configure policy rule 11 tcpdestportIP 8443 mask 16 forward
configure policy rule 11 ether 0x0806 mask 16 forward
Slot-1 Stack.21 #

Slot-1 Stack.21 #

Slot-1 Stack.21 #

Slot-1 Stack.21 #
Userlevel 6
Use EXOS V16.1.2.14 patch1-4!! We have the same issue with 16.1.3.x !
Userlevel 6
You have configured 2 default routes - this seems to be corrected.
Userlevel 3
Hi Brian, Pala and Matthias,

thanks for your help. Surprisingly it started working during the weekend... ?!?
Configuring the password for MAC auth did no harm, so I configured it.

Thanks a lot 🙂

Best Regards

Michael
Userlevel 6
Hi Brian,

the behaviour you describe seems (to my oppion) generate the following needed config line:
"configure netlogin add mac-list default"
Userlevel 6
Hi Michael,

i think you are victim of this bug:
RADIUS Authentication Stops Working on an EXOS Switch

Regards
Userlevel 3
Wow, thanks a lot!

Reply