cancel
Showing results for 
Search instead for 
Did you mean: 

Assign Vlan on MAC Netlogin with Freeradius

Assign Vlan on MAC Netlogin with Freeradius

MUHAMMAD_BAIMAT
New Contributor
I'm running on MAC Netlogin Authentication with Freeradius. BTW, I got a problem on Vlan after

authenticated. The Vlan can't be assigned to authenticated user as define in "user" file on

Freeradius. My configuration as below:

--- Switch SummitX 430 ---
unconfigure switch all
configure Defaut delete port all
create vlan Data tag 10
concfigure Data ipaddress 10.150.10.1
concfigure Data add port 1,2 untage <---port 1 connected to Freeradius
create vlan Voice tag 20
configure netlogin vlan Voice
enable netlogin mac
configure netlogin mac authentication database-order radius
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48 port 2
enable netlogin ports 2 mac
configure netlogin ports 2 mode port-based-vlans
configure radius netlogin primary server 10.150.10.150 client-ip 10.150.10.1 vr vr-default
configure radius netlogin primary shared-secret mysecret
enable radius netlogin

--- Users file on Freeradius ---

0016ECBDA167 Cleartext-Password := 0016ECBDA167
Extreme-Netlogin-VLAN = UVoice,
Extreme-Netlogin-Extended-VLAN = UVoice,

--- Client.conf file on Freeradius ---

client Dist1 {
ipaddr = 10.150.10.1
secret = mysecret
require_message_authenticator = no
nastype = other
}

--------Log and Result-----------
Sending Access-Accept of id 58 to 10.150.10.1 port 32769
Extreme-Netlogin-Vlan = "UVoice"
Extreme-Netlogin-Extended-Vlan = "UVoice"

Questions :
1. Why the user can't be assigned to Vlan Voice, any thing wrong on User attributes?
2. I try "configure radius netlogin primary server 10.150.10.150 client-ip 10.150.10.1" then got

error "IP address 10.150.10.1 is not configured in virtual router "VR-Mgmt" for server Primary

Net-Login" then I tried vr-default it work, is this the cause for the above problem?

Thank you
6 REPLIES 6

MUHAMMAD_BAIMAT
New Contributor
Thank you for your reply

but still Not work

The log on Freeradius show that "Access-Accept" but I set up the PC ip 30.0.0.9/24 then ping to 10.0.0.10, it's unreachable. Does the port will be shown on the Vlan?

* Dist1.1 # sh "Voice"VLAN Interface with name Voice created by user
Admin State: Enabled Tagging: 802.1Q Tag 20
Description: None
Virtual router: VR-Default
IPv4 Forwarding: Disabled
IPv4 MC Forwarding: Disabled
Primary IP: 30.0.0.10/24
IPv6 Forwarding: Disabled
IPv6 MC Forwarding: Disabled
IPv6: None
STPD: None
Protocol: Match all unfiltered protocols
Loopback: Enabled
NetLogin: Enabled
OpenFlow: Disabled
TRILL: Disabled
QosProfile: None configured
Egress Rate Limit Designated Port: None configured
Flood Rate Limit QosProfile: None configured
Ports: 0. (Number of active ports=0)

Karthik_Mohando
Extreme Employee
Hi Muhammad,

The error message which you have got is a expected one and that should not be the cause of the issue.

Can you try only with Extreme-Netlogin-Extended-Vlan = "UVoice" and see if it works?

GTM-P2G8KFN