NETLOGIN MAC BASE


Create Date: Mar 5 2013 9:02AM

HELLO,

Can someone help me with NETLOGIN MAC BASE authentication configuration and scenario? I want to authenticate my 10 host laptop MAC addresses
in local radius as extreme switch. Please share the configuration and how hosts are authenticated.

I have tried with the below config.

here is my config:

configure netlogin vlan nlvlan
enable netlogin mac
enable netlogin ports 4 mac
configure netlogin ports 4 mode port-based-vlans
configure netlogin ports 4 no-restart
configure netlogin add mac-list 88:ae:1d:2a:8b:32 48 ports 4
(from keshab_maharjan)

8 replies

Create Date: Mar 5 2013 2:22PM

Have you created a MAC entry in the local database?

You can do it by running the command:

create netlogin local-user "88AE1D28B32" ## hit enter, it will prompt you for a password. Put the same MAC address again as a password.

Let us know how it goes from there. (from ethernet)
Create Date: Mar 6 2013 6:12AM

Thanks for reply.

I have configured the netlogin user like you said.
create netlogin local-user "88AE1D28B32

But when I checked:

* X250e-24tdc.16 # sh netlogin port 4
Port : 4
Port Restart : Disabled
Allow Egress : None
Vlan : nlvlan
Authentication : mac-based
Port State : Enabled
Guest Vlan : Disabled
Auth Failure Vlan : Disabled
Auth Service-Unavailable Vlan : Disabled

MAC IP address Authenticated Type ReAuth-Timer User
88:ae:1d:2a:8b:32 0.0.0.0 No MAC 0
-----------------------------------------------
(B) - Client entry Blackholed in FDB

Could you please guide me regarding how MAC addresses are authenticated?

Thanks
(from keshab_maharjan)
Create Date: Mar 6 2013 5:56PM

Try to force the switch to take the local database for MAC addresses by running the command:

configure netlogin mac authentication database-order local

Let us know if this works. (from ethernet)
Create Date: Mar 7 2013 5:48AM

please get my full config..

configure netlogin vlan vlan_10
enable netlogin mac
configure netlogin mac authentication database-order local
enable netlogin ports 4 mac
configure netlogin ports 4 mode port-based-vlans
configure netlogin ports 4 no-restart
configure netlogin add mac-list 88:ae:1d:2a:8b:32 48 ports 4
##########################################
X250e-24tdc.19 # sh netlogin port 4
Port : 4
Port Restart : Disabled
Allow Egress : None
Vlan : vlan_10
Authentication : mac-based
Port State : Enabled
Guest Vlan : Disabled
Auth Failure Vlan : Disabled
Auth Service-Unavailable Vlan : Disabled

MAC IP address Authenticated Type ReAuth-Timer User
88:ae:1d:2a:8b:32 0.0.0.0 No MAC 0
-----------------------------------------------
(B) - Client entry Blackholed in FDB
########################################
------------------------------------------------
MAC Mode Global Configuration
------------------------------------------------

MAC Address/Mask Password (encrypted) Port(s)
-------------------- ------------------------------ ------------------------
88:AE:1D:2A:8B:32/48 4

Re-authentication period : 0 (Re-authentication disabled)
Authentication Database : Local-User database
------------------------------------------------

Port: 4, Vlan: vlan_10, State: Enabled, Authentication: mac-based
Guest Vlan : Disabled
Authentication Failure Vlan : Disabled
Authentication Service-Unavailable Vlan : Disabled

MAC IP address Authenticated Type ReAuth-Timer User
88:ae:1d:2a:8b:32 0.0.0.0 No MAC 0
-----------------------------------------------
(B) - Client entry Blackholed in FDB

################################3

Still no authentication. Please guide how I can verify.

(from keshab_maharjan)
Create Date: Mar 7 2013 2:52PM

I actually ran into an issue with case-sensitivity before. Remove the command:
configure netlogin add mac-list 88:ae:1d:2a:8b:32 48 ports 4

by running the command:
configure netlogin add mac-list 88:AE:1D:2A:8B:32 48 ports 4

Also, the username and password in the create netlogin local-user command, make sure those are uppercase too.

Hopefully, that is what is the last command that is missing from the switch. (from ethernet)
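
The replies above ask for the local-user name to be the client's MAC address in upper case with no separators. As an added example (not code from any poster or from Extreme Networks), this Python check compares a MAC seen on the port with the configured local-user names and flags case or length mismatches; the function names are hypothetical and the sample values are the strings typed in the posts above.

```python
import re

HEX12 = re.compile(r"[0-9A-Fa-f]{12}")

def normalize_mac(mac):
    """Return a MAC as 12 uppercase hex digits (the user-name form used in the replies)."""
    digits = re.sub(r"[:.-]", "", mac.strip())
    if not HEX12.fullmatch(digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits.upper()

def is_subsequence(short, full):
    """True if `short` can be obtained from `full` by deleting characters."""
    it = iter(full)
    return all(ch in it for ch in short)

def check_client(mac, local_users):
    """Classify one client MAC against the configured local-user names."""
    want = normalize_mac(mac)
    if want in local_users:
        return ("ok", want)
    for name in local_users:
        if name.upper() == want:
            return ("case-mismatch", name)
    for name in local_users:
        # A dropped digit leaves a shorter name that is still a subsequence.
        if len(name) < 12 and is_subsequence(name.upper(), want):
            return ("truncated-name", name)
    return ("missing", want)

def expected_commands(mac, port):
    """Commands in the form quoted in the thread, with the MAC upper-cased."""
    name = normalize_mac(mac)
    colon = ":".join(name[i:i + 2] for i in range(0, 12, 2))
    return [
        f'create netlogin local-user "{name}"',
        f"configure netlogin add mac-list {colon} 48 ports {port}",
    ]

if __name__ == "__main__":
    # Sample values copied from the posts above; port 4 is from the first config.
    client = "88:ae:1d:2a:8b:32"
    for users in (["88AE1D28B32"], ["88ae1d2a8b32"], ["88AE1D2A8B32"], []):
        print(users, "->", check_client(client, users))
    print("\n".join(expected_commands(client, 4)))
```
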
Create Date: Mar 11 2013 5:06AM

same thing... after configuring with upper case

configure netlogin add mac-list 88:AE:1D:2A:8B:32 48 ports 4 and netlogin local-user..
* X250e-24tdc.40 # sh netlogin port 4
Port : 4
Port Restart : Disabled
Allow Egress : None
Vlan : vlan_10
Authentication : mac-based
Port State : Enabled
Guest Vlan : Disabled
Auth Failure Vlan : Disabled
Auth Service-Unavailable Vlan : Disabled

MAC IP address Authenticated Type ReAuth-Timer User
88:ae:1d:2a:8b:32 0.0.0.0 No MAC 0
-----------------------------------------------
(B) - Client entry Blackholed in FDB

Could you please guide me on how users are authenticated? Where do we put the user name and password which was created in the SWITCH? Do I need to dial?

(from keshab_maharjan)
Create Date: Mar 11 2013 5:13PM

Try to open the netlogin configuration to all MACs by running the command:

Configure netlogin add mac-list FF:FF:FF:FF:FF:FF 48 port X

This will *NOT* allow all devices to be authenticated. Only devices created in the Local DB by running the command "create netlogin local-user ...."

(from ethernet)
Create Date: Mar 14 2013 5:12AM

hello,

pls get my full config

configure netlogin vlan vlan_101
enable netlogin mac
configure netlogin mac authentication database-order local
enable netlogin ports 24 mac
configure netlogin ports 24 mode port-based-vlans
configure netlogin ports 24 no-restart
configure netlogin add mac-list 88:ae:1d:2a:8b:32 48 ports 24
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48 ports 24
##################################
* X250e-24tdc.23 # sh netlogin local-users detail
NetLogin Local User information:

User Name : 88AE1D2A8B32
Extended-VLAN VSA :
Security Profile :
Encrypted Password: 5v8oYJ$0jqA68g/xERMtonL0Wgq6.
##################################
X250e-24tdc.25 # sh netlogin mac

NetLogin Authentication Mode : web-based DISABLED; 802.1x DISABLED; mac-based ENABLED
NetLogin VLAN : "vlan_101"
NetLogin move-fail-action : Deny
NetLogin Client Aging Time : 5 minutes
Dynamic VLAN Creation : Disabled
Dynamic VLAN Uplink Ports : None

------------------------------------------------
MAC Mode Global Configuration
------------------------------------------------

MAC Address/Mask Password (encrypted) Port(s)
-------------------- ------------------------------ ------------------------
88:AE:1D:2A:8B:32/48 24
Default 24

Re-authentication period : 0 (Re-authentication disabled)
Authentication Database : Local-User database
------------------------------------------------

Port: 24, Vlan: vlan_101, State: Enabled, Authentication: mac-based
Guest Vlan : Disabled
Authentication Failure Vlan : Disabled
Authentication Service-Unavailable Vlan : Disabled

MAC IP address Authenticated Type ReAuth-Timer User
-----------------------------------------------
(B) - Client entry Blackholed in FDB
########################################
* X250e-24tdc.26 # sh fdb ports 24
Mac Vlan Age Flags Port / Virtual Port List
------------------------------------------------------------------------------

Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,
x - IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror, B - Egress Blackhole,
b - Ingress Blackhole, v - MAC-Based VLAN, P - Private VLAN, T - VLAN translation,
D - drop packet, h - Hardware Aging, o - IEEE 802.1ah Backbone MAC,
S - Software Controlled Deletion

Total: 2 Static: 0 Perm: 0 Dyn: 2 Dropped: 0 Locked: 0 Locked with Timeout: 0
FDB Aging time: 300
########################################

* X250e-24tdc.30 # sh netlogin port 24
Port : 24
Port Restart : Disabled
Allow Egress : None
Vlan : vlan_101
Authentication : mac-based
Port State : Enabled
Guest Vlan : Disabled
Auth Failure Vlan : Disabled
Auth Service-Unavailable Vlan : Disabled

MAC IP address Authenticated Type ReAuth-Timer User
88:ae:1d:2a:8b:32 0.0.0.0 No MAC 0
-----------------------------------------------
(B) - Client entry Blackholed in FDB

############################################

please help how netlogin works with local database and authenticated....

(from keshab_maharjan)
