Hi,
the following config works well:
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2015.08.06 17:39:39 =~=~=~=~=~=~=~=~=~=~=~=
Slot-1 Stack.18 # sh ver
Slot-1 : 800545-00-03 1434G-00449 Rev 3.0 BootROM: 1.0.2.1 IMG: 16.1.1.4
Slot-2 :
Slot-3 :
Slot-4 :
Slot-5 :
Slot-6 :
Slot-7 :
Slot-8 :
Image : ExtremeXOS version 16.1.1.4 by release-manager
on Fri Jun 12 17:47:56 EDT 2015
BootROM : 1.0.2.1
Diagnostics : 3.1
Slot-1 Stack.18 # sh config aaa
#
# Module aaa configuration.
#
configure radius netlogin 1 server 10.170.160.91 1812 client-ip 192.168.10.13 vr VR-Default
configure radius 1 shared-secret encrypted "#$NzJkO/oA17tFyqdMgx3mSUnrNKmD8gEcacbVNWEU"
configure radius-accounting netlogin server 1 10.170.160.91 1813 client-ip 192.168.10.13 vr VR-Default
configure radius-accounting 1 shared-secret encrypted "#$N6s5jE7gXpmxO8W6fY+wOR3vPMYhvqUtvHJkNW+a"
configure radius-accounting 1 timeout 10
enable radius
disable radius mgmt-access
enable radius netlogin
configure radius timeout 15
enable radius-accounting
enable radius-accounting netlogin
configure account admin encrypted "$5$0tnSqy$YMlacN4Q1uxTQBHTzJdCsojS7EKucZ7MoceYSNGwwb3"
Slot-1 Stack.19 #
Slot-1 Stack.19 #
Slot-1 Stack.19 #
Slot-1 Stack.19 #
Slot-1 Stack.19 # sh config netlogin
#
# Module netLogin configuration.
#
enable netlogin dot1x mac
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48 encrypted "}eqrthug"
enable netlogin ports 1:1 dot1x
enable netlogin ports 1:1 mac
configure netlogin dot1x ports 1:1 timers reauth-period 60
configure netlogin mac ports 1:1 timers reauth-period 60 reauthentication on
Slot-1 Stack.20 #
Slot-1 Stack.20 #
Slot-1 Stack.20 #
Slot-1 Stack.20 #
Slot-1 Stack.20 #
Slot-1 Stack.20 #
Slot-1 Stack.20 # sh config policy
#
# Module policy configuration.
#
enable policy
configure netlogin port 1:2 authentication mode optional
configure netlogin port 1:3 authentication mode optional
configure netlogin port 1:4 authentication mode optional
configure netlogin port 1:5 authentication mode optional
configure netlogin port 1:6 authentication mode optional
configure netlogin port 1:7 authentication mode optional
configure netlogin port 1:8 authentication mode optional
configure netlogin port 1:9 authentication mode optional
configure netlogin port 1:10 authentication mode optional
configure netlogin port 1:11 authentication mode optional
configure netlogin port 1:12 authentication mode optional
configure netlogin port 1:13 authentication mode optional
configure netlogin port 1:14 authentication mode optional
configure netlogin port 1:15 authentication mode optional
configure netlogin port 1:16 authentication mode optional
configure netlogin port 1:17 authentication mode optional
configure netlogin port 1:18 authentication mode optional
configure netlogin port 1:19 authentication mode optional
configure netlogin port 1:20 authentication mode optional
configure netlogin port 1:21 authentication mode optional
configure netlogin port 1:22 authentication mode optional
configure netlogin port 1:23 authentication mode optional
configure netlogin port 1:24 authentication mode optional
configure netlogin port 1:25 authentication mode optional
configure netlogin port 1:26 authentication mode optional
configure netlogin port 1:27 authentication mode optional
configure netlogin port 1:28 authentication mode optional
configure netlogin port 1:29 authentication mode optional
configure netlogin port 1:30 authentication mode optional
configure netlogin port 1:31 authentication mode optional
configure netlogin port 1:32 authentication mode optional
configure netlogin port 1:33 authentication mode optional
configure netlogin port 1:34 authentication mode optional
configure netlogin port 1:35 authentication mode optional
configure netlogin port 1:36 authentication mode optional
configure netlogin port 1:37 authentication mode optional
configure netlogin port 1:38 authentication mode optional
configure netlogin port 1:39 authentication mode optional
configure netlogin port 1:40 authentication mode optional
configure netlogin port 1:41 authentication mode optional
configure netlogin port 1:42 authentication mode optional
configure netlogin port 1:43 authentication mode optional
configure netlogin port 1:44 authentication mode optional
configure netlogin port 1:45 authentication mode optional
configure netlogin port 1:46 authentication mode optional
configure netlogin port 1:47 authentication mode optional
configure netlogin port 1:48 authentication mode optional
configure netlogin port 1:49 authentication mode optional
configure netlogin port 1:50 authentication mode optional
configure netlogin port 1:51 authentication mode optional
configure netlogin port 1:52 authentication mode optional
configure netlogin port 1:53 authentication mode optional
configure netlogin port 1:54 authentication mode optional
configure netlogin port 1:55 authentication mode optional
configure netlogin port 1:56 authentication mode optional
configure netlogin port 1:57 authentication mode optional
configure netlogin port 1:58 authentication mode optional
configure netlogin port 1:59 authentication mode optional
configure netlogin port 1:60 authentication mode optional
configure netlogin port 1:61 authentication mode optional
configure netlogin port 1:62 authentication mode optional
configure netlogin port 1:63 authentication mode optional
configure netlogin port 1:64 authentication mode optional
configure netlogin port 1:65 authentication mode optional
configure netlogin port 1:66 authentication mode optional
configure netlogin port 1:67 authentication mode optional
configure netlogin port 1:68 authentication mode optional
configure netlogin port 1:69 authentication mode optional
configure netlogin port 1:70 authentication mode optional
configure netlogin port 1:71 authentication mode optional
configure netlogin port 1:72 authentication mode optional
configure policy profile 1 name "Administrator" pvid-status "enable" pvid 4095 cos 3
configure policy profile 3 name "Failsafe"
configure policy profile 5 name "Deny Access" pvid-status "enable" pvid 0
configure policy profile 6 name "Guest Access" pvid-status "enable" pvid 4095 cos-status "enable" cos 1
configure policy profile 7 name "Enterprise Access" pvid-status "enable" pvid 4095 cos-status "enable" cos 3
configure policy profile 8 name "Quarantine" pvid-status "enable" pvid 0
configure policy profile 9 name "Unregistered" pvid-status "enable" pvid 0
configure policy profile 10 name "Enterprise User" pvid-status "enable" pvid 4095 cos-status "enable" cos 4
configure policy profile 11 name "Assessing" pvid-status "enable" pvid 0
configure policy rule 5 udpdestportIP 53 mask 16 forward
configure policy rule 5 udpdestportIP 67 mask 16 forward
configure policy rule 5 tcpdestportIP 80 mask 16 forward cos 8
configure policy rule 5 tcpdestportIP 8080 mask 16 forward
configure policy rule 5 tcpdestportIP 8443 mask 16 forward
configure policy rule 5 ether 0x0806 mask 16 forward
configure policy rule 6 udpdestportIP 53 mask 16 forward
configure policy rule 6 udpdestportIP 67 mask 16 forward
configure policy rule 6 tcpdestportIP 80 mask 16 forward
configure policy rule 6 tcpdestportIP 443 mask 16 forward
configure policy rule 6 tcpdestportIP 8080 mask 16 forward
configure policy rule 6 tcpdestportIP 8443 mask 16 forward
configure policy rule 6 ipproto 1 mask 8 drop
configure policy rule 6 ipproto 6 mask 8 drop
configure policy rule 6 ipproto 17 mask 8 drop
configure policy rule 6 ether 0x0806 mask 16 forward
configure policy rule 7 udpsourceportIP 53 mask 16 drop
configure policy rule 7 udpsourceportIP 67 mask 16 drop
configure policy rule 7 udpsourceportIP 69 mask 16 drop
configure policy rule 7 udpsourceportIP 161 mask 16 drop
configure policy rule 7 udpsourceportIP 162 mask 16 drop
configure policy rule 7 udpsourceportIP 520 mask 16 drop
configure policy rule 7 udpsourceportIP 1433 mask 16 drop
configure policy rule 7 udpsourceportIP 1434 mask 16 drop
configure policy rule 7 udpsourceportIP 1812 mask 16 drop
configure policy rule 7 udpsourceportIP 1813 mask 16 drop
configure policy rule 7 udpdestportIP 69 mask 16 drop
configure policy rule 7 udpdestportIP 161 mask 16 drop
configure policy rule 7 udpdestportIP 162 mask 16 drop
configure policy rule 7 udpdestportIP 1434 mask 16 drop
configure policy rule 7 udpdestportIP 1900 mask 16 drop
configure policy rule 7 tcpsourceportIP 0 mask 16 drop
configure policy rule 7 tcpsourceportIP 1 mask 16 drop
configure policy rule 7 tcpsourceportIP 2 mask 16 drop
configure policy rule 7 tcpsourceportIP 3 mask 16 drop
configure policy rule 7 tcpsourceportIP 4 mask 16 drop
configure policy rule 7 tcpsourceportIP 5 mask 16 drop
configure policy rule 7 tcpsourceportIP 6 mask 16 drop
configure policy rule 7 tcpsourceportIP 7 mask 16 drop
configure policy rule 7 tcpsourceportIP 8 mask 16 drop
configure policy rule 7 tcpsourceportIP 9 mask 16 drop
configure policy rule 7 tcpsourceportIP 10 mask 16 drop
configure policy rule 7 tcpsourceportIP 11 mask 16 drop
configure policy rule 7 tcpsourceportIP 12 mask 16 drop
configure policy rule 7 tcpsourceportIP 13 mask 16 drop
configure policy rule 7 tcpsourceportIP 14 mask 16 drop
configure policy rule 7 tcpsourceportIP 15 mask 16 drop
configure policy rule 7 tcpsourceportIP 16 mask 16 drop
configure policy rule 7 tcpsourceportIP 17 mask 16 drop
configure policy rule 7 tcpsourceportIP 18 mask 16 drop
configure policy rule 7 tcpsourceportIP 19 mask 16 drop
configure policy rule 7 tcpsourceportIP 20 mask 16 drop
configure policy rule 7 tcpsourceportIP 21 mask 16 drop
configure policy rule 7 tcpsourceportIP 22 mask 16 drop
configure policy rule 7 tcpsourceportIP 23 mask 16 drop
configure policy rule 7 tcpsourceportIP 25 mask 16 drop
configure policy rule 7 tcpsourceportIP 53 mask 16 drop
configure policy rule 7 tcpsourceportIP 80 mask 16 drop
configure policy rule 7 tcpsourceportIP 135 mask 16 cos 2
configure policy rule 7 tcpsourceportIP 137 mask 16 cos 2
configure policy rule 7 tcpsourceportIP 139 mask 16 drop
configure policy rule 7 tcpsourceportIP 443 mask 16 drop
configure policy rule 7 tcpsourceportIP 1433 mask 16 drop
configure policy rule 7 tcpsourceportIP 1434 mask 16 drop
configure policy rule 7 tcpsourceportIP 5000 mask 16 drop
configure policy rule 7 tcpsourceportIP 6346 mask 16 cos 2
configure policy rule 7 tcpdestportIP 22 mask 16 drop
configure policy rule 7 tcpdestportIP 23 mask 16 drop
configure policy rule 7 tcpdestportIP 80 mask 16 cos 2
configure policy rule 7 tcpdestportIP 137 mask 16 cos 2
configure policy rule 7 tcpdestportIP 1434 mask 16 drop
configure policy rule 7 tcpdestportIP 8080 mask 16 forward
configure policy rule 7 tcpdestportIP 8443 mask 16 forward
configure policy rule 7 iptos 176 mask 8 cos 6
configure policy rule 7 ipproto 1 mask 8 cos 2
configure policy rule 7 ipproto 89 mask 8 drop
configure policy rule 8 ipdest 10.170.110.91 mask 32 forward
configure policy rule 8 ipdest 10.170.120.91 mask 32 forward
configure policy rule 8 ipdest 10.170.130.91 mask 32 forward
configure policy rule 8 ipdest 10.170.140.91 mask 32 forward
configure policy rule 8 ipdest 10.170.150.91 mask 32 forward
configure policy rule 8 ipdest 10.170.160.91 mask 32 forward
configure policy rule 8 udpdestportIP 53 mask 16 forward
configure policy rule 8 udpdestportIP 67 mask 16 forward
configure policy rule 8 tcpdestportIP 80 mask 16 forward cos 8
configure policy rule 8 tcpdestportIP 8080 mask 16 forward
configure policy rule 8 tcpdestportIP 8443 mask 16 forward
configure policy rule 8 ether 0x0806 mask 16 forward
configure policy rule 9 udpdestportIP 53 mask 16 forward
configure policy rule 9 udpdestportIP 67 mask 16 forward
configure policy rule 9 tcpdestportIP 80 mask 16 forward cos 8
configure policy rule 9 tcpdestportIP 8080 mask 16 forward
configure policy rule 9 tcpdestportIP 8443 mask 16 forward
configure policy rule 9 ether 0x0806 mask 16 forward
configure policy rule 10 udpsourceportIP 53 mask 16 drop
configure policy rule 10 udpsourceportIP 67 mask 16 drop
configure policy rule 10 udpsourceportIP 69 mask 16 drop
configure policy rule 10 udpsourceportIP 161 mask 16 drop
configure policy rule 10 udpsourceportIP 162 mask 16 drop
configure policy rule 10 udpsourceportIP 520 mask 16 drop
configure policy rule 10 udpsourceportIP 1433 mask 16 drop
configure policy rule 10 udpsourceportIP 1434 mask 16 drop
configure policy rule 10 udpsourceportIP 1812 mask 16 drop
configure policy rule 10 udpsourceportIP 1813 mask 16 drop
configure policy rule 10 udpdestportIP 69 mask 16 drop
configure policy rule 10 udpdestportIP 161 mask 16 drop
configure policy rule 10 udpdestportIP 162 mask 16 drop
configure policy rule 10 udpdestportIP 1434 mask 16 drop
configure policy rule 10 udpdestportIP 1900 mask 16 drop
configure policy rule 10 tcpsourceportIP 0 mask 16 drop
configure policy rule 10 tcpsourceportIP 1 mask 16 drop
configure policy rule 10 tcpsourceportIP 2 mask 16 drop
configure policy rule 10 tcpsourceportIP 3 mask 16 drop
configure policy rule 10 tcpsourceportIP 4 mask 16 drop
configure policy rule 10 tcpsourceportIP 5 mask 16 drop
configure policy rule 10 tcpsourceportIP 6 mask 16 drop
configure policy rule 10 tcpsourceportIP 7 mask 16 drop
configure policy rule 10 tcpsourceportIP 8 mask 16 drop
configure policy rule 10 tcpsourceportIP 9 mask 16 drop
configure policy rule 10 tcpsourceportIP 10 mask 16 drop
configure policy rule 10 tcpsourceportIP 11 mask 16 drop
configure policy rule 10 tcpsourceportIP 12 mask 16 drop
configure policy rule 10 tcpsourceportIP 13 mask 16 drop
configure policy rule 10 tcpsourceportIP 14 mask 16 drop
configure policy rule 10 tcpsourceportIP 15 mask 16 drop
configure policy rule 10 tcpsourceportIP 16 mask 16 drop
configure policy rule 10 tcpsourceportIP 17 mask 16 drop
configure policy rule 10 tcpsourceportIP 18 mask 16 drop
configure policy rule 10 tcpsourceportIP 19 mask 16 drop
configure policy rule 10 tcpsourceportIP 20 mask 16 drop
configure policy rule 10 tcpsourceportIP 21 mask 16 drop
configure policy rule 10 tcpsourceportIP 22 mask 16 drop
configure policy rule 10 tcpsourceportIP 23 mask 16 drop
configure policy rule 10 tcpsourceportIP 25 mask 16 drop
configure policy rule 10 tcpsourceportIP 53 mask 16 drop
configure policy rule 10 tcpsourceportIP 80 mask 16 drop
configure policy rule 10 tcpsourceportIP 135 mask 16 cos 2
configure policy rule 10 tcpsourceportIP 137 mask 16 cos 2
configure policy rule 10 tcpsourceportIP 139 mask 16 drop
configure policy rule 10 tcpsourceportIP 443 mask 16 drop
configure policy rule 10 tcpsourceportIP 1433 mask 16 drop
configure policy rule 10 tcpsourceportIP 1434 mask 16 drop
configure policy rule 10 tcpsourceportIP 5000 mask 16 drop
configure policy rule 10 tcpsourceportIP 6346 mask 16 cos 2
configure policy rule 10 tcpdestportIP 22 mask 16 drop
configure policy rule 10 tcpdestportIP 23 mask 16 drop
configure policy rule 10 tcpdestportIP 80 mask 16 cos 2
configure policy rule 10 tcpdestportIP 137 mask 16 cos 2
configure policy rule 10 tcpdestportIP 1434 mask 16 drop
configure policy rule 10 tcpdestportIP 8080 mask 16 forward
configure policy rule 10 tcpdestportIP 8443 mask 16 forward
configure policy rule 10 iptos 176 mask 8 cos 6
configure policy rule 10 ipproto 1 mask 8 cos 2
configure policy rule 10 ipproto 6 mask 8 cos 5
configure policy rule 10 ipproto 89 mask 8 drop
configure policy rule 11 ipdest 10.170.110.91 mask 32 forward
configure policy rule 11 ipdest 10.170.120.91 mask 32 forward
configure policy rule 11 ipdest 10.170.130.91 mask 32 forward
configure policy rule 11 ipdest 10.170.140.91 mask 32 forward
configure policy rule 11 ipdest 10.170.150.91 mask 32 forward
configure policy rule 11 ipdest 10.170.160.91 mask 32 forward
configure policy rule 11 udpdestportIP 53 mask 16 forward
configure policy rule 11 udpdestportIP 67 mask 16 forward
configure policy rule 11 tcpdestportIP 80 mask 16 forward cos 8
configure policy rule 11 tcpdestportIP 8080 mask 16 forward
configure policy rule 11 tcpdestportIP 8443 mask 16 forward
configure policy rule 11 ether 0x0806 mask 16 forward
Slot-1 Stack.21 #
Slot-1 Stack.21 #
Slot-1 Stack.21 #
Slot-1 Stack.21 #
Regards
ZdenÄk Pala