802.1x authentication


Hi Team,

I need to configure the 802.1X authentication in Summit X440 -24p-10g switch.

I have NPS server in our environment .

Server details :- Ip address 192.168.1.74

Subnet :- 255.255.255.0

Gateway :- 192.168.1.1

Switch details :- Vlan 1 Ip address :- 192.168.1.4

Kindly provide setup by step command based on this Ip details .

In NPS already working and I configured so not required NPS document only I required what I need to configure in switch level with proper command.

11 replies

Userlevel 3
Hi Muthu,

Please check the below 2 articles and see if they help you with your request,

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-802-1x-based-Netlogin-wit...

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-Mac-based-Netlogin-with-R...
Hi ,

While execute the command i am getting error message.
X440-24p-10G.12 # configure radius netlogin primary server 1812 client-ip 192.168.1.4 vr "VR-Mgmt"
Error: IP address 192.168.1.4 is not configured in virtual router "VR-Mgmt".

Regards.
Muthu
Userlevel 4
muthu naganathan wrote:

Hi ,

While execute the command i am getting error message.
X440-24p-10G.12 # configure radius netlogin primary server 1812 client-ip 192.168.1.4 vr "VR-Mgmt"
Error: IP address 192.168.1.4 is not configured in virtual router "VR-Mgmt".

Regards.
Muthu

Hi Muthu,

As you configured the IP address 192.168.1.4 in VLAN 1, you need to change the "vr-Mgmt" to "vr-Default".

BR
Hi ,

I am not understanding what is the client-ip ?
  • configure radius netlogin primary server client-ip
Regards
N.Muthu
Userlevel 6
muthu naganathan wrote:

Hi ,

I am not understanding what is the client-ip ?

  • configure radius netlogin primary server client-ip
Regards
N.Muthu

Naganathan, any station that wants to communicate to a Radius server must be registered as a client in the Radius server. And for every client, the Radius server will have a shared secret (think of it as a password) to validate that the client i the correct one.

So, you will need two enter commands in the switch:
configure radius netlogin primary server 192.168.1.74 client-ip 192.168.1.4 vr "VR-Default"
configure radius netlogin primary shared-secret "mysecret" (you can select a different one...)[/code]
And then you will need to add the switch as a client in NPS.

I nthe Windows server open NPS, open Radius Clients and Servers, select RADIUS Clients, right-click and select New:



In the New RADIUS Client form input the switch address (192.168.1.4) in the Address field. Then enter the shared secret (mysecret, or whatever you chose in the previous command) in the Shared Secret and Confirm Shared Secret fields. Press OK to save. The new client should appear in the clients list.



Now the switch and the Radius server are ready to talk to each other.
Userlevel 3
Hi Muthu,

If you are not using the MGMT VLAN to connect to your RADIUS Server, please replace the vr VR-MGMT with vr VR-Default in the command you listed. Please let us know if you have any other questions.
Thank you.

Best regards,
Andrew
Userlevel 3
Hi Muthu,

And the client-ip is the IP of the switch.

Below is a sample configuration for your reference,
The following example configures the primary RADIUS server on host radius1 using the default UDP port (1812) for use by the RADIUS client on switch 10.10.20.30 using a virtual router interface of VRDefault:

#configure radius primary server radius1 client-ip 10.10.20.30 vr vr-Default
Hi Andrew,

Please find the error message.
X440-24p-10G.13 # configure radius netlogin primary server 1812 client-ip 192.168.1.4 vr "VR-Default"
Error: Name lookup for host failed

Regards
N.Muthus
Userlevel 3
Muthu,

The "client-ip" refers to the local VLAN IP address (the source IP address for radius request from the switch)
Thanks.

Best regards,
Andrew
Userlevel 3
Muthu,

Regarding the "Error: Name lookup for host failed", you need to include the IP address of the RADIUS Server in the command line e.g. "primary server ". Also, if you are using the default ports for RADIUS you do not need to include a port # (e.g. port 1812) in the command line.
Thanks.

Best regards,
Andrew
Is there any tutorial movie on this ? step by step for dummies ?
How to configure 802.1x based Netlogin with Radius on EXOS

Reply