Netlogin for NAC not working on Extreme x440 and x430 Switches

Sandeep_Sriniva
New Contributor II
We have deployed NAC, applied the rules, and enabled Netlogin on x430 and x440 switches with ExtremeXOS version 16.2.1.6. The MAC authentication shows passed in Netsight and on the switch; however, it's not applied in reality if the switch doesn't have the ports configured to the respective VLAN.
We are lost in this. Are we missing something in the configuration?

Here is the configuration on the switch.

create vlan NACauth
configure netlogin vlan NACauth
enable netlogin dot1x mac
configure netlogin authentication protocol-order dot1x mac web-based
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48 password voxmac
enable netlogin ports 1-23 dot1x
enable netlogin ports 1-23 mac
configure netlogin ports 1-23 mode mac-based-vlans
configure netlogin ports 1-23 no-restart
8 REPLIES 8

Keith_Obermeier
New Contributor II
I'm using a 460G2, but the config should be the same. In the end I added the switches to nac mgr as manual switches and did the following config in cli:

#
# Module netLogin configuration.
#
enable netlogin dot1x mac
configure netlogin authentication protocol-order dot1x mac web-based
enable netlogin ports 1:1-48 dot1x
enable netlogin ports 1:1-48 mac
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48 encrypted
configure netlogin mac timers reauth-period 90
configure netlogin mac username format hyphenated
#
# Module aaa configuration.
#
configure radius netlogin primary server 1812 client-ip vr VR-Default
configure radius netlogin primary shared-secret encrypted
configure radius netlogin secondary server 1812 client-ip vr VR-Default
configure radius netlogin secondary shared-secret encrypted
configure radius-accounting netlogin primary server 1813 client-ip vr VR-Default
configure radius-accounting netlogin primary shared-secret encrypted
configure radius-accounting netlogin secondary server 1813 client-ip
configure radius timeout 20
configure radius mgmt-access timeout 20
configure radius netlogin timeout 20
enable radius-accounting
disable radius-accounting mgmt-access
enable radius-accounting netlogin

Sandeep_Sriniva
New Contributor II
Yes, we are enabling the authentication on the ports. We have 5 VLANs, and once the MAC address is reflected in Netsight we move them to a particular group.

Example: I have connected a laptop on port 20, and VLAN 20 has to be assigned after I move it to the group in Netsight. This is not working until VLAN 20 is configured on the switch.

Netsight should override the switch configuration; we have G2 switches which are working perfectly fine.

Jeremy_Gibbs
Contributor
Are you enabling authentication on the ports?

configure netlogin port 1-23 authentication mode optional

There is no such command in EXOS 16.x

Is there any analog for it?

Thanks