cancel
Showing results for 
Search instead for 
Did you mean: 

Summit 450-G2 No RADIUS request send to NAC

Summit 450-G2 No RADIUS request send to NAC

Michael_Kirchne
Contributor
Hi folks,

I have a problem integrating a Summit x450-G2 into the NAC solution.
Summit x450-G2 running version: 16.1.3.6 .

I want to to mac authentication with NAC but it seems that the switch doesn't send any radius packets to the NAC. Ping is possible from Switch to NAC and from NAC to Switch.

the Show Radius command shows that 0 requests are sent.

Show Logging: "MAC authentication was initiated, but mac-list for virtual router VR-Default is empty"

In my opinion it seems that the switch tries to do a local authentication and no RADIUS authentication.

Config is made via NetSight Policy Manager running latest 6.3. Version.

I hope somebody has an idea.

Best Regards
Michael

Config:
#
# Module devmgr configuration. # configure snmp sysContact "support@extremenetworks.com, +1 888 257 3000" configure sys-recovery-level switch reset # # Module vlan configuration. # configure vlan default delete ports all configure vr VR-Default delete ports 1-52 configure vr VR-Default add ports 1-52 configure vlan default delete ports 1-49 create qosprofile "QP2" create qosprofile "QP3" create qosprofile "QP4" create qosprofile "QP5" create qosprofile "QP6" create qosprofile "QP7" configure ports group "Default (IRL.1)" add 1-52 configure ports group "Default (TXQ.0)" add 1-52 create vlan "Test" configure vlan Test tag 2414 configure ports 49 auto off speed 10000 duplex full configure ports 50 auto off speed 10000 duplex full configure ports 51 auto off speed 10000 duplex full configure ports 52 auto off speed 10000 duplex full configure vlan Test add ports 49-52 tagged configure vlan Test add ports 1-48 untagged configure vlan Default add ports 49 tagged configure vlan Default add ports 50-52 untagged configure vlan Default ipaddress 172.16.1.85 255.255.255.0 configure vlan Mgmt ipaddress 10.10.10.10 255.255.255.0 configure qosscheduler strict-priority ports "Default (TXQ.0)" configure qosprofile QP1 maxbuffer 100 weight 1 ports "Default (TXQ.0)" configure qosprofile QP2 maxbuffer 100 weight 1 configure qosprofile QP2 maxbuffer 100 weight 1 ports "Default (TXQ.0)" configure qosprofile QP3 maxbuffer 100 weight 1 configure qosprofile QP3 maxbuffer 100 weight 1 ports "Default (TXQ.0)" configure qosprofile QP4 maxbuffer 100 weight 1 configure qosprofile QP4 maxbuffer 100 weight 1 ports "Default (TXQ.0)" configure qosprofile QP5 maxbuffer 100 weight 1 configure qosprofile QP5 maxbuffer 100 weight 1 ports "Default (TXQ.0)" configure qosprofile QP6 maxbuffer 100 weight 1 configure qosprofile QP6 maxbuffer 100 weight 1 ports "Default (TXQ.0)" configure qosprofile QP7 maxbuffer 100 weight 1 configure qosprofile QP7 maxbuffer 100 weight 1 ports "Default (TXQ.0)" configure qosprofile QP8 maxbuffer 100 weight 1 ports "Default (TXQ.0)" configure dot1p type 0 qosprofile QP1 ingress-meter ingmeter0 configure dot1p type 1 qosprofile QP2 ingress-meter ingmeter1 configure dot1p type 2 qosprofile QP3 ingress-meter ingmeter2 configure dot1p type 3 qosprofile QP4 ingress-meter ingmeter3 configure dot1p type 4 qosprofile QP5 ingress-meter ingmeter4 configure dot1p type 5 qosprofile QP6 ingress-meter ingmeter5 configure dot1p type 6 qosprofile QP7 ingress-meter ingmeter6 configure dot1p type 7 qosprofile QP8 ingress-meter ingmeter7 # # Module fdb configuration. # # # Module rtmgr configuration. # configure iproute add default 10.10.10.1 vr VR-Mgmt configure iproute add default 172.24.1.1 disable iproute ipv4 compression disable iproute ipv6 compression # # Module mcmgr configuration. # # # Module aaa configuration. # configure radius netlogin 1 server 172.16.2.131 1812 client-ip 172.16.1.85 vr VR-Default configure radius 1 shared-secret encrypted XXX configure radius netlogin 2 server 172.16.2.132 1812 client-ip 172.16.1.85 vr VR-Default configure radius 2 shared-secret encrypted XXX configure radius-accounting netlogin server 1 172.16.2.131 1812 client-ip 172.16.1.85 vr VR-Default configure radius-accounting 1 shared-secret encrypted XXX configure radius-accounting 1 timeout 10 configure radius-accounting netlogin server 2 172.16.2.132 1812 client-ip 172.16.1.85 vr VR-Default configure radius-accounting 2 shared-secret encrypted XXX configure radius-accounting 2 timeout 10 enable radius disable radius mgmt-access enable radius netlogin configure radius timeout 15 enable radius-accounting disable radius-accounting mgmt-access enable radius-accounting netlogin configure account admin encrypted XXX # # Module acl configuration. # # # Module bfd configuration. # # # Module ces configuration. # # # Module cfgmgr configuration. # # # Module dosprotect configuration. # # # Module dot1ag configuration. # # # Module eaps configuration. # # # Module edp configuration. # # # Module elrp configuration. # # # Module ems configuration. # # # Module epm configuration. # # # Module erps configuration. # # # Module esrp configuration. # # # Module ethoam configuration. # # # Module etmon configuration. # # # Module hal configuration. # # # Module idMgr configuration. # # # Module ipSecurity configuration. # # # Module ipfix configuration. # # # Module lldp configuration. # # # Module mrp configuration. # # # Module msdp configuration. # # # Module netLogin configuration. # enable netlogin dot1x mac configure netlogin mac authentication database-order radius configure netlogin authentication protocol-order dot1x mac web-based configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48 enable netlogin ports 1-48 dot1x enable netlogin ports 1-48 mac configure netlogin mac ports 1 timers reauthentication on configure netlogin mac ports 2 timers reauthentication on configure netlogin mac ports 3 timers reauthentication on configure netlogin mac ports 4 timers reauthentication on configure netlogin mac ports 5 timers reauthentication on configure netlogin mac ports 6 timers reauthentication on configure netlogin mac ports 7 timers reauthentication on configure netlogin mac ports 8 timers reauthentication on configure netlogin mac ports 9 timers reauthentication on configure netlogin mac ports 10 timers reauthentication on configure netlogin mac ports 11 timers reauthentication on configure netlogin mac ports 12 timers reauthentication on configure netlogin mac ports 13 timers reauthentication on configure netlogin mac ports 14 timers reauthentication on configure netlogin mac ports 15 timers reauthentication on configure netlogin mac ports 16 timers reauthentication on configure netlogin mac ports 17 timers reauthentication on configure netlogin mac ports 18 timers reauthentication on configure netlogin mac ports 19 timers reauthentication on configure netlogin mac ports 20 timers reauthentication on configure netlogin mac ports 21 timers reauthentication on configure netlogin mac ports 22 timers reauthentication on configure netlogin mac ports 23 timers reauthentication on configure netlogin mac ports 24 timers reauthentication on configure netlogin mac ports 25 timers reauthentication on configure netlogin mac ports 26 timers reauthentication on configure netlogin mac ports 27 timers reauthentication on configure netlogin mac ports 28 timers reauthentication on configure netlogin mac ports 29 timers reauthentication on configure netlogin mac ports 30 timers reauthentication on configure netlogin mac ports 31 timers reauthentication on configure netlogin mac ports 32 timers reauthentication on configure netlogin mac ports 33 timers reauthentication on configure netlogin mac ports 34 timers reauthentication on configure netlogin mac ports 35 timers reauthentication on configure netlogin mac ports 36 timers reauthentication on configure netlogin mac ports 37 timers reauthentication on configure netlogin mac ports 38 timers reauthentication on configure netlogin mac ports 39 timers reauthentication on configure netlogin mac ports 40 timers reauthentication on configure netlogin mac ports 41 timers reauthentication on configure netlogin mac ports 42 timers reauthentication on configure netlogin mac ports 43 timers reauthentication on configure netlogin mac ports 44 timers reauthentication on configure netlogin mac ports 45 timers reauthentication on configure netlogin mac ports 46 timers reauthentication on configure netlogin mac ports 47 timers reauthentication on configure netlogin mac ports 48 timers reauthentication on # # Module netTools configuration. # # # Module ntp configuration. # # # Module poe configuration. # # # Module policy configuration. # enable policy configure netlogin port 1 authentication mode optional configure netlogin port 2 authentication mode optional configure netlogin port 3 authentication mode optional configure netlogin port 4 authentication mode optional configure netlogin port 5 authentication mode optional configure netlogin port 6 authentication mode optional configure netlogin port 7 authentication mode optional configure netlogin port 8 authentication mode optional configure netlogin port 9 authentication mode optional configure netlogin port 10 authentication mode optional configure netlogin port 11 authentication mode optional configure netlogin port 12 authentication mode optional configure netlogin port 13 authentication mode optional configure netlogin port 14 authentication mode optional configure netlogin port 15 authentication mode optional configure netlogin port 16 authentication mode optional configure netlogin port 17 authentication mode optional configure netlogin port 18 authentication mode optional configure netlogin port 19 authentication mode optional configure netlogin port 20 authentication mode optional configure netlogin port 21 authentication mode optional configure netlogin port 22 authentication mode optional configure netlogin port 23 authentication mode optional configure netlogin port 24 authentication mode optional configure netlogin port 25 authentication mode optional configure netlogin port 26 authentication mode optional configure netlogin port 27 authentication mode optional configure netlogin port 28 authentication mode optional configure netlogin port 29 authentication mode optional configure netlogin port 30 authentication mode optional configure netlogin port 31 authentication mode optional configure netlogin port 32 authentication mode optional configure netlogin port 33 authentication mode optional configure netlogin port 34 authentication mode optional configure netlogin port 35 authentication mode optional configure netlogin port 36 authentication mode optional configure netlogin port 37 authentication mode optional configure netlogin port 38 authentication mode optional configure netlogin port 39 authentication mode optional configure netlogin port 40 authentication mode optional configure netlogin port 41 authentication mode optional configure netlogin port 42 authentication mode optional configure netlogin port 43 authentication mode optional configure netlogin port 44 authentication mode optional configure netlogin port 45 authentication mode optional configure netlogin port 46 authentication mode optional configure netlogin port 47 authentication mode optional configure netlogin port 48 authentication mode optional configure netlogin port 49 authentication mode optional configure netlogin port 50 authentication mode optional configure netlogin port 51 authentication mode optional configure netlogin port 52 authentication mode optional # # Module rip configuration. # # # Module r.png configuration. # # # Module snmpMaster configuration. # ... # # Module stp configuration. # # # Module synce configuration. # # # Module techSupport configuration. # enable tech-support collector # # Module telnetd configuration. # # # Module tftpd configuration. # # # Module thttpd configuration. # configure ssl certificate hash-algorithm sha512 # # Module twamp configuration. # # # Module vmt configuration. # # # Module vsm configuration. #


8 REPLIES 8

Michael_Kirchne
Contributor
Wow, thanks a lot!

M_Nees
Contributor III
Hi Michael,

i think you are victim of this bug:
RADIUS Authentication Stops Working on an EXOS Switch

Regards

M_Nees
Contributor III
Hi Brian,

the behaviour you describe seems (to my oppion) generate the following needed config line:
"configure netlogin add mac-list default"

Michael_Kirchne
Contributor
Hi Brian, Pala and Matthias,

thanks for your help. Surprisingly it started working during the weekend... ?!?
Configuring the password for MAC auth did no harm, so I configured it.

Thanks a lot 🙂

Best Regards

Michael

GTM-P2G8KFN