Netlogin mac on local switch


Create Date: Apr 12 2013 5:42PM

I'm doing some testing on getting netlogin to work.

I'm first just trying to get the basic mac authentication to work then I want it to work with just the MAC OUI, but as I said I just want to try and get this to work with a straight up mac address.

create vlan nlvlan
create vlan Phone
configure vlan Phone tag 61
configure netlogin vlan nlvlan
enable netlogin mac
enable netlogin ports 11-20 mac
configure netlogin ports 11-20 mode mac-based-vlans

configure netlogin add mac-list 70:81:05:85:B8:A6 48

I'm getting this in the log showing that's not working.

[i] Authentication failed for Network Login MAC user 70810585B8A6 Mac 70:81:05:85:B8:A6 port 11

* X440-48p.17 # show netlogin mac-list
MAC Address/Mask Password (encrypted) Port(s)
-------------------- ------------------------------ ------------------------
70:81:05:85:B8:A6/48 any
70:81:00:00:00:00/16 any

Second quick question. What is the difference between netlogin local-users and netlogin mac-list?

Thanks in advance!

(from bw447)
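
Added example, not part of the original post and not Extreme's tooling: a Python script that parses the failure log line and the `show netlogin mac-list` rows quoted above and reports which mac-list entries cover the failing MAC, including a mask shorter than 48 bits. It assumes the number after the slash is a prefix length in bits; all function names are hypothetical.

```python
import re

# Constructed sample input: the log line and mac-list rows quoted in the post above.
LOG = ("[i] Authentication failed for Network Login MAC user 70810585B8A6 "
       "Mac 70:81:05:85:B8:A6 port 11")
MAC_LIST = ("70:81:05:85:B8:A6/48 any\n"
            "70:81:00:00:00:00/16 any\n")

MAC = r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}"
FAIL_RE = re.compile(
    r"Authentication failed for Network Login MAC user (?P<user>\S+) "
    r"Mac (?P<mac>" + MAC + r") port (?P<port>\d+)")
ENTRY_RE = re.compile(r"^(" + MAC + r")/(\d+)\b")

def mac_to_int(mac):
    return int(mac.replace(":", ""), 16)

def parse_mac_list(text):
    """Extract (mac, bits) pairs; header and separator rows are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m and 1 <= int(m.group(2)) <= 48:
            entries.append((m.group(1), int(m.group(2))))
    return entries

def matching_entries(mac, entries):
    """Entries whose first `bits` bits equal those of mac (assumed prefix mask).
    Sorted most specific first; that ordering is this example's choice."""
    value = mac_to_int(mac)
    hits = [(base, bits) for base, bits in entries
            if value >> (48 - bits) == mac_to_int(base) >> (48 - bits)]
    return sorted(hits, key=lambda e: -e[1])

def triage(log_text, mac_list_text):
    """One record per failure: port, MAC, logged user name, covering entries."""
    entries = parse_mac_list(mac_list_text)
    report = []
    for m in FAIL_RE.finditer(log_text):
        mac, user = m.group("mac"), m.group("user")
        report.append({
            "port": int(m.group("port")), "mac": mac, "user": user,
            # True when the logged user is the MAC, upper-case, no separators.
            "user_is_bare_mac": user == mac.replace(":", "").upper(),
            "covered_by": matching_entries(mac, entries)})
    return report

if __name__ == "__main__":
    for row in triage(LOG, MAC_LIST):
        print(row)
```

A failure whose `covered_by` list is non-empty was not rejected for lack of a mac-list entry, which points the investigation at the authentication database the switch reports using.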

2 replies

Create Date: Apr 14 2013 9:32PM

hey bw447

I have this set up in a script so that I can load it on a switch as I do demos. So these commands have variables in them, but I also show the variables. All you have to do is remove the variables and put in the true values. I hope this makes sense; if not, let me know and I will redo it. I am just copying and pasting to save time. 🙂

configure netlogin vlan temp
enable netlogin mac
enable netlogin ports 11-20 mac

These are the variables that would be entered into the command.

#@VariableFieldLabel "Enter First Authorized MAC w/ octets separated by colons"
set var MAC1 00:04:0D:00:00:00
#@VariableFieldLabel "Enter First Authorized MAC password"
set var MAC1_Password 00040d000000

These are the commands

configure netlogin add mac-list $MAC1 $MAC1_Mask $MAC1_Password
create netlogin local-user $MAC1 $MAC1_Password vlan-vsa $MAC1_VLAN security-profile $MAC1_Profile

Hope this helps; let me know if they don't.

P (from Paul_Russo)
Create Date: Apr 15 2013 6:18PM

Hi prusso.

I tried the commands that you gave me, changing out the MAC address for the one on my phone. I'm still getting the error.

04/15/2013 13:10:02.58 [i] Authentication failed for Network Login MAC user 70810585B8A6 Mac 70:81:05:85:B8:A6 port 12

I think that it has to be something that I'm doing wrong. I rebooted the switch without making any changes before I typed in your commands. I verified that netlogin wasn't running and that I didn't have any macs in the local-user or mac-list. Then I typed in the commands.

Thanks for your help!

* X440-48p.4 # show netlogin mac

NetLogin Authentication Mode : web-based DISABLED; 802.1x DISABLED; mac-based ENABLED
NetLogin VLAN : "nlvlan"
NetLogin move-fail-action : Deny
NetLogin Client Aging Time : 5 minutes
Dynamic VLAN Creation : Disabled
Dynamic VLAN Uplink Ports : None

------------------------------------------------
MAC Mode Global Configuration
------------------------------------------------

MAC Address/Mask Password (encrypted) Port(s)
-------------------- ------------------------------ ------------------------
70:81:05:85:B8:A6/48 :4:032?6C=M7 any

Re-authentication period : 0 (Re-authentication disabled)
Authentication Database : Local-User database
------------------------------------------------

Port: 11, Vlan: nlvlan, State: Enabled, Authentication: mac-based
Guest Vlan : Disabled
Authentication Failure Vlan : Disabled
Authentication Service-Unavailable Vlan : Disabled

MAC IP address Authenticated Type ReAuth-Timer User
-----------------------------------------------
(B) - Client entry Blackholed in FDB

Port: 12, Vlan: nlvlan, State: Enabled, Authentication: mac-based
Guest Vlan : Disabled
Authentication Failure Vlan : Disabled
Authentication Service-Unavailable Vlan : Disabled

MAC IP address Authenticated Type ReAuth-Timer User
70:81:05:85:b8:a6 0.0.0.0 No MAC 0
-----------------------------------------------
(B) - Client entry Blackholed in FDB

Port: 13, Vlan: nlvlan, State: Enabled, Authentication: mac-based
Guest Vlan : Disabled
Authentication Failure Vlan : Disabled
Authentication Service-Unavailable Vlan : Disabled

MAC IP address Authenticated Type ReAuth-Timer User
-----------------------------------------------
(B) - Client entry Blackholed in FDB

Port: 14, Vlan: nlvlan, State: Enabled, Authentication: mac-based
Guest Vlan : Disabled
Authentication Failure Vlan : Disabled
Authentication Service-Unavailable Vlan : Disabled

MAC IP address Authenticated Type ReAuth-Timer User
-----------------------------------------------
(B) - Client entry Blackholed in FDB

Port: 15, Vlan: nlvlan, State: Enabled, Authentication: mac-based
Guest Vlan : Disabled
Authentication Failure Vlan : Disabled
Authentication Service-Unavailable Vlan : Disabled

MAC IP address Authenticated Type ReAuth-Timer User
-----------------------------------------------
(B) - Client entry Blackholed in FDB

Port: 16, Vlan: nlvlan, State: Enabled, Authentication: mac-based
Guest Vlan : Disabled
Authentication Failure Vlan : Disabled
Authentication Service-Unavailable Vlan : Disabled

MAC IP address Authenticated Type ReAuth-Timer User
-----------------------------------------------
(B) - Client entry Blackholed in FDB

Port: 17, Vlan: nlvlan, State: Enabled, Authentication: mac-based
Guest Vlan : Disabled
Authentication Failure Vlan : Disabled
Authentication Service-Unavailable Vlan : Disabled

MAC IP address Authenticated Type ReAuth-Timer User
-----------------------------------------------
(B) - Client entry Blackholed in FDB

Port: 18, Vlan: nlvlan, State: Enabled, Authentication: mac-based
Guest Vlan : Disabled
Authentication Failure Vlan : Disabled
Authentication Service-Unavailable Vlan : Disabled

MAC IP address Authenticated Type ReAuth-Timer User
-----------------------------------------------
(B) - Client entry Blackholed in FDB

Port: 19, Vlan: nlvlan, State: Enabled, Authentication: mac-based
Guest Vlan : Disabled
Authentication Failure Vlan : Disabled
Authentication Service-Unavailable Vlan : Disabled

MAC IP address Authenticated Type ReAuth-Timer User
-----------------------------------------------
(B) - Client entry Blackholed in FDB

Port: 20, Vlan: nlvlan, State: Enabled, Authentication: mac-based
Guest Vlan : Disabled
Authentication Failure Vlan : Disabled
Authentication Service-Unavailable Vlan : Disabled

MAC IP address Authenticated Type ReAuth-Timer User
-----------------------------------------------
(B) - Client entry Blackholed in FDB

Number of Clients Authenticated : 0

(from bw447)
