Netlogin unwanted MAC is authenticated locally

Chacko
Contributor
Hi,

I'm a little bit confused:
We have been using netlogin for a year and it's working like you would expect:
An unknown MAC address shows up on the switch, gets blocked and is reported in EMS.

But now, I have an unwanted MAC address, which is authenticated locally, but is reported as rejected in EMS - but the switch authenticates the user and assigns it to the granted VLAN.

Here is the netlogin config:
#
# Module netLogin configuration.
#
configure netlogin vlan AUTH
enable netlogin mac
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48
configure netlogin mac timers reauth-period 7200
enable netlogin ports 1:10-48,2:10-2:48 mac
configure netlogin ports 1:10-48,2:10-2:48 mode mac-based-vlans
configure netlogin ports 1:10-48,2:10-2:48 no-restart
enable netlogin authentication service-unavailable vlan ports 1:10-48,2:10-2:48
configure netlogin authentication service-unavailable vlan office ports 1:10-48,2:10-2:48

RADIUS is working; the switch is an X450e-48p (stacked) with EXOS 15.3.2.11.

I'd be happy for any feedback.

Best Regards
Chacko
10 REPLIES

Hi Karthik,

here is the output:
# sh netlogin port 2:20
Port : 2:20
Port Restart : Disabled
Allow Egress : None
Vlan : AUTH
Authentication : mac-based
Port State : Enabled
Guest Vlan : Disabled
Auth Failure Vlan : Disabled
Auth Service-Unavailable Vlan : Enabled
MAC                IP address  Authenticated  Type  ReAuth-Timer  User
-----------------------------------------------
(B) - Client entry Blackholed in FDB
Port : 2:20
Port Restart : Disabled
Allow Egress : None
Vlan : office
Authentication : mac-based
Port State : Enabled
Guest Vlan : Disabled
Auth Failure Vlan : Disabled
Auth Service-Unavailable Vlan : Enabled
MAC                IP address  Authenticated  Type  ReAuth-Timer  User
10:4f:a8:XX:XX:XX  0.0.0.0     Yes, Locally   MAC   7197          104FA8XXXXXX
-----------------------------------------------
(B) - Client entry Blackholed in FDB

And the log:
Network Login MAC user 104FA8XXXXXX logged in MAC 10:4F:A8:XX:XX:XX port 2:20 VLAN(s) "office", authentication Locally
Port 2:20 link UP at speed 100 Mbps and full-duplex
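
Added example, not part of the thread and not vendor code: a Python check that scans netlogin log lines in the format quoted above for logins with "authentication Locally" and reports whether the client landed in the VLAN configured as the service-unavailable VLAN for that port. The MAC addresses, the second and third log lines, and the method value "Radius" are constructed assumptions; port ranges are assumed to stay within one slot.

```python
import re

# Constructed inputs in the format shown in the thread (MACs are made-up values).
CONFIG = """\
enable netlogin authentication service-unavailable vlan ports 1:10-48,2:10-2:48
configure netlogin authentication service-unavailable vlan office ports 1:10-48,2:10-2:48
"""
LOGS = """\
Network Login MAC user 00005E005301 logged in MAC 00:00:5E:00:53:01 port 2:20 VLAN(s) "office", authentication Locally
Network Login MAC user 00005E005302 logged in MAC 00:00:5E:00:53:02 port 1:12 VLAN(s) "office", authentication Radius
Network Login MAC user 00005E005303 logged in MAC 00:00:5E:00:53:03 port 1:5 VLAN(s) "lab", authentication Locally
"""

SU_VLAN = re.compile(r"configure netlogin authentication service-unavailable vlan (\S+) ports (\S+)")
LOGIN = re.compile(r'Network Login MAC user (\S+) logged in MAC (\S+) port (\S+) '
                   r'VLAN\(s\) "([^"]*)", authentication (\w+)')

def expand_ports(spec):
    """Expand '1:10-48,2:10-2:48' into {'1:10', ...}; ranges assumed within one slot."""
    ports = set()
    for part in spec.split(","):
        first, _, last = part.partition("-")
        slot, lo = first.split(":")
        hi = last.split(":")[-1] if last else lo   # '48' and '2:48' both give 48
        ports.update(f"{slot}:{n}" for n in range(int(lo), int(hi) + 1))
    return ports

def service_unavailable_vlans(config):
    """Map each port to the service-unavailable VLAN configured for it."""
    mapping = {}
    for vlan, spec in SU_VLAN.findall(config):
        for port in expand_ports(spec):
            mapping[port] = vlan
    return mapping

def local_logins(logs, config):
    """Return locally authenticated logins, noting whether each is in the fallback VLAN."""
    fallback = service_unavailable_vlans(config)
    findings = []
    for user, mac, port, vlan, method in LOGIN.findall(logs):
        if method.lower() == "locally":
            findings.append({"mac": mac, "port": port, "vlan": vlan,
                             "fallback_vlan": fallback.get(port) == vlan})
    return findings

if __name__ == "__main__":
    for finding in local_logins(LOGS, CONFIG):
        print(finding)
```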