https://community.extremenetworks.com/t5/extremewireless-general/nac-authentication-and-mgmt-authentication-with-the-same-radius/m-p/61463#M2417 In my test environment I have a switch (X440G2 22.7.1.2) configured for NAC with two radius servers.<BR /> <BR /> In the AAA configuration I see two netlogin radius entry’s and the radius mgmt.-access is disabled and the policy works fine.<BR /> <BR /> As expansion on the configuration I want also that management requests are done by the radius servers.<BR /> So I configure the same radius server as for authentication .<BR /> <BR /> Now I see in the AAA configuration that the netlogin rules are replaced by mgmt.-access rules and that the radius netlogin is disabled.<BR /> <BR /> Cann’t I use the same radius servers for mgmt. as for authentication? Thu, 01 Aug 2019 13:26:43 GMT JohanHendrikx 2019-08-01T13:26:43Z https://community.extremenetworks.com/t5/extremewireless-general/nac-authentication-and-mgmt-authentication-with-the-same-radius/m-p/61463#M2417 In my test environment I have a switch (X440G2 22.7.1.2) configured for NAC with two radius servers.<BR /> <BR /> In the AAA configuration I see two netlogin radius entry’s and the radius mgmt.-access is disabled and the policy works fine.<BR /> <BR /> As expansion on the configuration I want also that management requests are done by the radius servers.<BR /> So I configure the same radius server as for authentication .<BR /> <BR /> Now I see in the AAA configuration that the netlogin rules are replaced by mgmt.-access rules and that the radius netlogin is disabled.<BR /> <BR /> Cann’t I use the same radius servers for mgmt. as for authentication? Thu, 01 Aug 2019 13:26:43 GMT https://community.extremenetworks.com/t5/extremewireless-general/nac-authentication-and-mgmt-authentication-with-the-same-radius/m-p/61463#M2417 JohanHendrikx 2019-08-01T13:26:43Z https://community.extremenetworks.com/t5/extremewireless-general/nac-authentication-and-mgmt-authentication-with-the-same-radius/m-p/61464#M2418 Hello,<BR /> <BR /> You can use the same RADIUS server fore mgmt and network authentication. You must set the Au<BR /> <BR /> Make sure that the X440G2 is set to "Any Access":<BR /> <BR /> <P class="fancybox-image"><span class="lia-inline-image-display-wrapper" image-alt="5bc5befc98c645b5b4eb31f635b68323_194c928e-d0c2-4a96-a934-30fa6f793ed0.png"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/2532iEC74342034B8E4C3/image-size/large?v=v2&amp;px=999" role="button" title="5bc5befc98c645b5b4eb31f635b68323_194c928e-d0c2-4a96-a934-30fa6f793ed0.png" alt="5bc5befc98c645b5b4eb31f635b68323_194c928e-d0c2-4a96-a934-30fa6f793ed0.png" /></span></P> Mon, 05 Aug 2019 05:18:30 GMT https://community.extremenetworks.com/t5/extremewireless-general/nac-authentication-and-mgmt-authentication-with-the-same-radius/m-p/61464#M2418 Ryan_Yacobucci 2019-08-05T05:18:30Z https://community.extremenetworks.com/t5/extremewireless-general/nac-authentication-and-mgmt-authentication-with-the-same-radius/m-p/61465#M2419 When I change the auth Access type to any access, the only configuration rule are the radius mgmt-access rules .<BR /> radius mgmt-access and radius netlogin are enabled.<BR /> There are no config rules for netlogin. Mon, 05 Aug 2019 13:50:38 GMT https://community.extremenetworks.com/t5/extremewireless-general/nac-authentication-and-mgmt-authentication-with-the-same-radius/m-p/61465#M2419 JohanHendrikx 2019-08-05T13:50:38Z https://community.extremenetworks.com/t5/extremewireless-general/nac-authentication-and-mgmt-authentication-with-the-same-radius/m-p/61466#M2420 Hello Johan,<BR /> <BR /> I'm not sure what you mean by config rules for netlogin.<BR /> <BR /> Are you referring to XMC control rules that determine authorization levels? <BR /> <BR /> Are you referring to switch configuration to enable netlogin for mac/802.1x auth on a per port or global basis?<BR /> <BR /> <BR /> Thanks<BR /> -Ryan Mon, 05 Aug 2019 20:09:41 GMT https://community.extremenetworks.com/t5/extremewireless-general/nac-authentication-and-mgmt-authentication-with-the-same-radius/m-p/61466#M2420 Ryan_Yacobucci 2019-08-05T20:09:41Z https://community.extremenetworks.com/t5/extremewireless-general/nac-authentication-and-mgmt-authentication-with-the-same-radius/m-p/61467#M2421 I'm refering to th switch configuration of the AAA section.<BR /> <BR /> At the moment I configure the management radius the config of the primairy and secondary engin are gone.<BR /> <BR /> Config exaples:<BR /> <BR /> Switch is configured for only primairy and secondary engins.<BR /> <BR /> configure radius 1 server 1812 client-ip vr VR-Default<BR /> configure radius 1 shared-secret encrypted "#$QHoAV1JRHL25Psky9286ihA/eQb5twIipuhGzDsLDrL3fId9ua4zlQA6tElrf8XmjmCsk55g"<BR /> configure radius 2 server 1812 client-ip vr VR-Default<BR /> configure radius 2 shared-secret encrypted "#$3YuouBFWEkEJ3aeHDxVM+YcELVg0sPdr67z3lZouVh/r+QyCfaG/bfQ7GI1MPpu/X5ed7Xc1"<BR /> configure radius-accounting 1 server 10.2.112.2 1813 client-ip 10.2.112.209 vr VR-Default<BR /> configure radius-accounting 1 shared-secret encrypted "#$qdZB1R6z+Up25O4vjfhESlE3MvJhBdSaOdCuaG/stlu6uNlfXpNJbAdUMTFwdifnKnPlmCFc"<BR /> configure radius-accounting 1 timeout 10<BR /> configure radius-accounting 2 server 10.2.113.2 1813 client-ip 10.2.112.209 vr VR-Default<BR /> configure radius-accounting 2 shared-secret encrypted "#$6ygkfu3I9oANOxxLOXakeFXo1/6A38wnFhe1gWuENAqkCzjZI158UJ/UNs3XviNa0DnZ/Xrw"<BR /> configure radius-accounting 2 timeout 10<BR /> enable radius<BR /> enable radius mgmt-access<BR /> enable radius netlogin<BR /> <BR /> Switch is configured for the both engins and both management radius:<BR /> <BR /> configure radius mgmt-access 1 server 1812 client-ip vr VR-Default<BR /> configure radius 1 shared-secret encrypted "#$fipO29phKcl+o6SgtbPEZ6unyZrmd6sZ+nT58kRLJJFVq1lx0QXIXO5QyxHrm5y6rzWgp7H6"<BR /> configure radius mgmt-access 2 server 1812 client-ip vr VR-Default<BR /> configure radius 2 shared-secret encrypted "#$la/QbhlmQf2p7xkkNHgaE2pR9SWjFaQ7cGCbBbr3BueEieI5Iy65o7XwAqNXx2DLlECTwJBp"<BR /> enable radius<BR /> enable radius mgmt-access<BR /> enable radius netlogin<BR /> configure radius timeout 15<BR /> enable radius-accounting<BR /> enable radius-accounting mgmt-access<BR /> enable radius-accounting netlogin<BR /> <P class="fancybox-image"><span class="lia-inline-image-display-wrapper" image-alt="7137611bf09c433d96c297421c15aa70_e0b74740-2846-436a-8c2e-2674d2e481d7.jpg"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/914i5BA6A5FAD6442C21/image-size/large?v=v2&amp;px=999" role="button" title="7137611bf09c433d96c297421c15aa70_e0b74740-2846-436a-8c2e-2674d2e481d7.jpg" alt="7137611bf09c433d96c297421c15aa70_e0b74740-2846-436a-8c2e-2674d2e481d7.jpg" /></span></P> Mon, 05 Aug 2019 21:21:18 GMT https://community.extremenetworks.com/t5/extremewireless-general/nac-authentication-and-mgmt-authentication-with-the-same-radius/m-p/61467#M2421 JohanHendrikx 2019-08-05T21:21:18Z https://community.extremenetworks.com/t5/extremewireless-general/nac-authentication-and-mgmt-authentication-with-the-same-radius/m-p/61468#M2422 Hello,<BR /> <BR /> Remove the "Management RADIUS server" and "Management RADIUS server 2" servers. Set them to none.<BR /> <BR /> If you identify Primary Engine and Secondary Engine as the NAC appliances you only need to set the "Auth Access Type" to any. This will identify them to be used for netlogin and mgmt access and configure the switch accordingly.<BR /> <BR /> That should configure the AAA to use the NAC appliances for both netlogin and mgmt login.<BR /> <BR /> Thanks<BR /> -Ryan Mon, 05 Aug 2019 22:55:00 GMT https://community.extremenetworks.com/t5/extremewireless-general/nac-authentication-and-mgmt-authentication-with-the-same-radius/m-p/61468#M2422 Ryan_Yacobucci 2019-08-05T22:55:00Z https://community.extremenetworks.com/t5/extremewireless-general/nac-authentication-and-mgmt-authentication-with-the-same-radius/m-p/61469#M2423 Ryan,<BR /> <BR /> I will test it Tue, 06 Aug 2019 12:56:41 GMT https://community.extremenetworks.com/t5/extremewireless-general/nac-authentication-and-mgmt-authentication-with-the-same-radius/m-p/61469#M2423 JohanHendrikx 2019-08-06T12:56:41Z https://community.extremenetworks.com/t5/extremewireless-general/nac-authentication-and-mgmt-authentication-with-the-same-radius/m-p/61470#M2424 Ryan,<BR /> <BR /> it works.<BR /> <BR /> Thanks for your support. Tue, 06 Aug 2019 16:02:31 GMT https://community.extremenetworks.com/t5/extremewireless-general/nac-authentication-and-mgmt-authentication-with-the-same-radius/m-p/61470#M2424 JohanHendrikx 2019-08-06T16:02:31Z