Header Only - DO NOT REMOVE - Extreme Networks

No Netlogin VLAN option


Userlevel 2
I'm trying to configure netlogin and I don't seem to have the option to set a netlogin vlan. Is this a licensing issue or something else I'm missing?

18 replies

Userlevel 7
model and software version of the switch ?
Userlevel 7
could you post a "show netlogin"
Userlevel 2

Userlevel 7
Is that a special version as I can't find that one on the download server - could you try to upgrade to a newer version ?
Userlevel 2
Ron wrote:

Is that a special version as I can't find that one on the download server - could you try to upgrade to a newer version ?

I can upgrade to 21.1.4.4 patch 1-6. There are software bugs in later releases that prevent me from upgrading beyond that.

https://www.extremenetworks.com/extreme-hardwaresoftware-compatibility-recommendation-matrices/softw...
Userlevel 2
Ron wrote:

Is that a special version as I can't find that one on the download server - could you try to upgrade to a newer version ?

I upgraded to 21.1.4.4 patch 1-6. I still don't have the command "configure netlogin vlan".
Userlevel 2
may be because you have enabled policy?
Userlevel 6
Probably because you have enabled policy, then you cannot configure a netlogin vlan as netlogin works different with policy enabled.
Userlevel 2
OscarK wrote:

Probably because you have enabled policy, then you cannot configure a netlogin vlan as netlogin works different with policy enabled.

I do have policy enabled. Is there a good KB regarding configuring netlogin with policy enabled on switch firmware 2x.x and EMC version 8.x?

My searching isn't turning up much.
Userlevel 2
OscarK wrote:

Probably because you have enabled policy, then you cannot configure a netlogin vlan as netlogin works different with policy enabled.

Same request for me, it is really not clear how both works together.
Userlevel 5
OscarK wrote:

Probably because you have enabled policy, then you cannot configure a netlogin vlan as netlogin works different with policy enabled.

Hi Terrence, please run the show policy state command to verify the status of policy. The NetLogin VLAN will only be removed from the configuration list IF policy is enabled
# enable policy
Warning: Enabling Policy will cause some Netlogin settings (such as VLANs and dynamically created VLANs) to be cleared.[/code]# show policy state
Policy is currently: ENABLED
# configure netlogin vlan
^
%% Invalid input detected at '^' marker.[/code]Once policy is disabled, the netlogin VLAN can be configured:
# disable policy
# configure netlogin vlan
NetLogin VLAN for the current Virtual Router[/code]Kind regards
Userlevel 2
OscarK wrote:

Probably because you have enabled policy, then you cannot configure a netlogin vlan as netlogin works different with policy enabled.

show policy state shows that policy is enabled.

Are policy and Netlogin mutually exclusive? How would I do both? And is the policy in question here the ACL/local policy, or the EMC managed policy, or both?
Userlevel 5
OscarK wrote:

Probably because you have enabled policy, then you cannot configure a netlogin vlan as netlogin works different with policy enabled.

Hi Terren, I apologize for my earlier response, I read your response as "I do not have policy enabled".

Anyhow, the old Netlogin was VLAN dependent. An unauthenticated port had to be put somewhere while it is not authenticated, thus the need for the Netlogin VLAN. With Policy (not the ACL policy, but the XMC type of policy), the unauthenticated port can belong no where, and will be moved to its respective VLAN when tunnel attributes or the Filter-ID are passed down from RADIUS, or it can directly belong to the VLAN it will belong post authentication. It is this difference in architecture, that makes this specific configuration aspect mutually exclusive. The following outlines what changes when policy is enabled:

https://documentation.extremenetworks.com/exos_22.2/exos_21_1/onepolicy/c_netlogin-authentication.sh...
Userlevel 2
OscarK wrote:

Probably because you have enabled policy, then you cannot configure a netlogin vlan as netlogin works different with policy enabled.

Thanks. I'll give this a review and try it out.
Userlevel 2
So, given everything I've learned in this thread I have a couple of questions.

Can I use netlogin and policy at the same time?

How do I configure netlogin when using policy (switch firmware 2x.x and EMC 8.x)?
Userlevel 5
Terren Crider wrote:

So, given everything I've learned in this thread I have a couple of questions.

Can I use netlogin and policy at the same time?

How do I configure netlogin when using policy (switch firmware 2x.x and EMC 8.x)?

Q. Can I use netlogin and policy at the same time?
A. Yes, you can. Once policy is enabled you cannot configure your netlogin VLAN, plus the other commands outlined in the previous link I shared.

Here's an examples on how to configure Netlogin with XMC:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-netlogin-dot1x-via-policy...

And here's another one if you wanted to use a third party RADIUS Server:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-802-1x-based-Netlogin-wit...
Userlevel 2
Terren Crider wrote:

So, given everything I've learned in this thread I have a couple of questions.

Can I use netlogin and policy at the same time?

How do I configure netlogin when using policy (switch firmware 2x.x and EMC 8.x)?

Thanks. I'll give these a shot.
Userlevel 2
Terren Crider wrote:

So, given everything I've learned in this thread I have a couple of questions.

Can I use netlogin and policy at the same time?

How do I configure netlogin when using policy (switch firmware 2x.x and EMC 8.x)?

I hate to prod and criticize, but do you have more up to date documentation regarding policy and netlogin? Like I said, I'm on switch firmware 21.x and EMC 8.x.

Reply