02-18-2021 01:32 PM
Hello Community,
I am in the process of testing Extreme Control and am stuck.
Setup
All servers and clients are running on one ESXi server
EMC 192.168.1.1 (switch port 1)
ExtremeControl Engine 192.168.1.2 (I want to use the engine as radius)
Switch X440 G2 192.168.1.6
Windows 10 Client 192.168.1.100 (Switch Port 11)
Config Switch
#
# Module aaa configuration.
#
configure radius netlogin 1 server 192.168.1.2 1812 client-ip 192.168.1.6 vr VR-Default
configure radius 1 shared-secret encrypted "#$3YWys9K/gnkYTAtcnoc0j/sVILnGlBmsBojzhCKu5klcQGu850E="
configure radius mgmt-access primary server 192.168.1.2 1812 client-ip 192.168.1.6 vr VR-Default
configure radius mgmt-access primary shared-secret encrypted "#$q3McX2ey3ZY3eNTYPu8B/14NYPTeJEwEnbZyHR4QoVrwtq3T1a0="
configure radius netlogin primary server 192.168.1.2 1812 client-ip 192.168.1.6 vr VR-Default
configure radius netlogin primary shared-secret encrypted "#$+BrzjOm9EGeBUFdYfHDStLMDGl3Zq2uZ/iFgqbFmQjO49XwptwY="
enable radius
enable radius mgmt-access
enable radius netlogin
configure radius timeout 15
Config Engine
I left everything on default and only entered an IP subnet under IP Address Resolution: 192.168.1.0-192.168.1.254.
Config EMC
Switch added (can also be seen under Control/Access Control/Engines/Default/Switches)
Logs Switch
sh radius
- shows that it is connected
show log severity debug-data | include RADIUS
- does not show error messages
Logs Engine
/var/log/radius/radius.log
- for me not understandable found what I should change
I can still write all needed information in case I forgot something. I would be grateful for any help.
Solved! Go to Solution.
02-18-2021 02:24 PM
One further hint:
To check if authentications happen on your switch use:
show netlogin session
on you switch
02-18-2021 02:31 PM
Thanks for the fast answer. I check this solution.
02-18-2021 02:24 PM
One further hint:
To check if authentications happen on your switch use:
show netlogin session
on you switch
02-18-2021 02:21 PM
Hello,
you missed the netlogin configuration. You have to enable netlogin for the relevant ports:
The here:
https://extremeportal.force.com/ExtrArticleDetail?an=000080274&q=nac%20xos%20enable%20netlogin