Assign Vlan on MAC Netlogin with Freeradius
‎09-22-2015 06:55 AM
I'm running MAC Netlogin authentication with FreeRADIUS. BTW, I have a problem with the VLAN after
authentication. The VLAN can't be assigned to the authenticated user as defined in the "user" file on
FreeRADIUS. My configuration is below:
--- Switch SummitX 430 ---
unconfigure switch all
configure Default delete port all
create vlan Data tag 10
configure Data ipaddress 10.150.10.1
configure Data add port 1,2 untagged <--- port 1 connected to FreeRADIUS
create vlan Voice tag 20
configure netlogin vlan Voice
enable netlogin mac
configure netlogin mac authentication database-order radius
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48 port 2
enable netlogin ports 2 mac
configure netlogin ports 2 mode port-based-vlans
configure radius netlogin primary server 10.150.10.150 client-ip 10.150.10.1 vr vr-default
configure radius netlogin primary shared-secret mysecret
enable radius netlogin
--- Users file on FreeRADIUS ---
0016ECBDA167 Cleartext-Password := 0016ECBDA167
    Extreme-Netlogin-VLAN = UVoice,
    Extreme-Netlogin-Extended-VLAN = UVoice,
--- Client.conf file on FreeRADIUS ---
client Dist1 {
    ipaddr = 10.150.10.1
    secret = mysecret
    require_message_authenticator = no
    nastype = other
}
-------- Log and Result -----------
Sending Access-Accept of id 58 to 10.150.10.1 port 32769
    Extreme-Netlogin-Vlan = "UVoice"
    Extreme-Netlogin-Extended-Vlan = "UVoice"
Questions:
1. Why can't the user be assigned to VLAN Voice? Is anything wrong with the user attributes?
2. I tried "configure radius netlogin primary server 10.150.10.150 client-ip 10.150.10.1" and got the
error "IP address 10.150.10.1 is not configured in virtual router "VR-Mgmt" for server Primary
Net-Login". Then I tried vr-default and it worked. Is this the cause of the above problem?
Thank you
6 REPLIES
‎09-23-2015 02:52 AM
Job done!! Thank you for your great solution.
Really nice impression for my first post.
‎09-22-2015 08:02 AM
That's great!
I just noticed in the configuration that Voice is added as the netlogin VLAN. The netlogin VLAN should be a temporary VLAN which is used only for the netlogin purpose.
It is recommended that we do not use any of the data VLANs as a netlogin VLAN.
The following article could help you with the basic configuration for netlogin.
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-Mac-based-Netlogin-with-R...
So, let's say you are using a temp VLAN as the netlogin VLAN. It will be used for the authentication. Once the user is authenticated, the dynamic VLAN will be assigned based on the VSA from FreeRADIUS.
So, no additional configuration is needed.
Hope this helps!!
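An offline check of the setup described in the reply above, as an added example that is not part of the thread or of any Extreme or FreeRADIUS code: it parses a FreeRADIUS users file and reports entries whose VLAN VSA names a VLAN missing from the switch or equal to the netlogin VLAN. The sample entries, the VLAN names passed to `audit`, and the value formats (a bare VLAN name in Extreme-Netlogin-Vlan, a T/U/* prefix before the name in Extreme-Netlogin-Extended-Vlan) are assumptions.

```python
import re

# Constructed sample in FreeRADIUS "users" file syntax (not from the thread).
SAMPLE_USERS = '''\
001122334401 Cleartext-Password := "001122334401"
    Extreme-Netlogin-Vlan = "Voice"

001122334402 Cleartext-Password := "001122334402"
    Extreme-Netlogin-Extended-Vlan = "UOffice"

001122334403 Cleartext-Password := "001122334403"
    Extreme-Netlogin-Vlan = "UStaff"
'''

ATTR = re.compile(r'^\s+([\w-]+)\s*:?=\s*"?([^",]+)"?\s*,?\s*$')

def parse_users(text):
    """Return {username: {reply_attribute_lowercased: value}}."""
    users, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():            # unindented line starts an entry
            current = users.setdefault(line.split()[0], {})
        elif current is not None:            # indented line is a reply item
            m = ATTR.match(line)
            if m:
                current[m.group(1).lower()] = m.group(2).strip()
    return users

def requested_vlan(reply):
    """VLAN name the reply asks for, or None (value formats are assumed)."""
    ext = reply.get("extreme-netlogin-extended-vlan")
    if ext:                                  # assumed form: T|U|* then the name
        return ext[1:] if ext[0] in "TU*" else ext
    return reply.get("extreme-netlogin-vlan")  # assumed form: bare VLAN name

def audit(users, switch_vlans, netlogin_vlan):
    """List (username, problem) pairs for entries the switch could not honour."""
    findings = []
    for name, reply in users.items():
        vlan = requested_vlan(reply)
        if vlan is None:
            findings.append((name, "no VLAN VSA in the reply"))
        elif vlan not in switch_vlans:
            findings.append((name, f"VLAN {vlan!r} does not exist on the switch"))
        elif vlan == netlogin_vlan:
            findings.append((name, "destination is the netlogin VLAN itself"))
    return findings
```

Call `audit(parse_users(text), vlans_on_switch, netlogin_vlan)` with the VLAN names taken from the switch's `show vlan` output.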
‎09-22-2015 07:48 AM
Great!!!
Now port 2 shows on VLAN Voice, but I still can't ping the interface 30.0.0.10. I will try to solve that (might be easy... hopefully).
Another issue is that I want to add a different VLAN to each user, as:
user1 = vlan Voice
user2 = vlan Office
user3 = vlan staff
It can be defined in the user file, but do I have to configure anything more on the switch?
At the beginning I configured netlogin Voice only:
configure netlogin vlan Voice
When I try to add a new VLAN, it shows only the last added VLAN.
‎09-22-2015 07:27 AM
Hi Muhammad,
Thank you for trying the suggestion. When the port is successfully added to the dynamic VLAN, it should be shown in the show vlan output.
If port 2 is the client-connected port, can you try to remove it from the VLAN Data and check if that works?
configure Data add port 1,2 untagged
As per this config, it is added as untagged in the VLAN Data.
