Assign Vlan on MAC Netlogin with Freeradius
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-22-2015 06:55 AM
I'm running on MAC Netlogin Authentication with Freeradius. BTW, I got a problem on Vlan after
authenticated. The Vlan can't be assigned to authenticated user as define in "user" file on
Freeradius. My configuration as below:
--- Switch SummitX 430 ---
unconfigure switch all
configure Defaut delete port all
create vlan Data tag 10
concfigure Data ipaddress 10.150.10.1
concfigure Data add port 1,2 untage <---port 1 connected to Freeradius
create vlan Voice tag 20
configure netlogin vlan Voice
enable netlogin mac
configure netlogin mac authentication database-order radius
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48 port 2
enable netlogin ports 2 mac
configure netlogin ports 2 mode port-based-vlans
configure radius netlogin primary server 10.150.10.150 client-ip 10.150.10.1 vr vr-default
configure radius netlogin primary shared-secret mysecret
enable radius netlogin
--- Users file on Freeradius ---
0016ECBDA167 Cleartext-Password := 0016ECBDA167
Extreme-Netlogin-VLAN = UVoice,
Extreme-Netlogin-Extended-VLAN = UVoice,
--- Client.conf file on Freeradius ---
client Dist1 {
ipaddr = 10.150.10.1
secret = mysecret
require_message_authenticator = no
nastype = other
}
--------Log and Result-----------
Sending Access-Accept of id 58 to 10.150.10.1 port 32769
Extreme-Netlogin-Vlan = "UVoice"
Extreme-Netlogin-Extended-Vlan = "UVoice"
Questions :
1. Why the user can't be assigned to Vlan Voice, any thing wrong on User attributes?
2. I try "configure radius netlogin primary server 10.150.10.150 client-ip 10.150.10.1" then got
error "IP address 10.150.10.1 is not configured in virtual router "VR-Mgmt" for server Primary
Net-Login" then I tried vr-default it work, is this the cause for the above problem?
Thank you
authenticated. The Vlan can't be assigned to authenticated user as define in "user" file on
Freeradius. My configuration as below:
--- Switch SummitX 430 ---
unconfigure switch all
configure Defaut delete port all
create vlan Data tag 10
concfigure Data ipaddress 10.150.10.1
concfigure Data add port 1,2 untage <---port 1 connected to Freeradius
create vlan Voice tag 20
configure netlogin vlan Voice
enable netlogin mac
configure netlogin mac authentication database-order radius
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48 port 2
enable netlogin ports 2 mac
configure netlogin ports 2 mode port-based-vlans
configure radius netlogin primary server 10.150.10.150 client-ip 10.150.10.1 vr vr-default
configure radius netlogin primary shared-secret mysecret
enable radius netlogin
--- Users file on Freeradius ---
0016ECBDA167 Cleartext-Password := 0016ECBDA167
Extreme-Netlogin-VLAN = UVoice,
Extreme-Netlogin-Extended-VLAN = UVoice,
--- Client.conf file on Freeradius ---
client Dist1 {
ipaddr = 10.150.10.1
secret = mysecret
require_message_authenticator = no
nastype = other
}
--------Log and Result-----------
Sending Access-Accept of id 58 to 10.150.10.1 port 32769
Extreme-Netlogin-Vlan = "UVoice"
Extreme-Netlogin-Extended-Vlan = "UVoice"
Questions :
1. Why the user can't be assigned to Vlan Voice, any thing wrong on User attributes?
2. I try "configure radius netlogin primary server 10.150.10.150 client-ip 10.150.10.1" then got
error "IP address 10.150.10.1 is not configured in virtual router "VR-Mgmt" for server Primary
Net-Login" then I tried vr-default it work, is this the cause for the above problem?
Thank you
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-22-2015 07:21 AM
Thank you for your reply
but still Not work
The log on Freeradius show that "Access-Accept" but I set up the PC ip 30.0.0.9/24 then ping to 10.0.0.10, it's unreachable. Does the port will be shown on the Vlan?
* Dist1.1 # sh "Voice"VLAN Interface with name Voice created by user
Admin State: Enabled Tagging: 802.1Q Tag 20
Description: None
Virtual router: VR-Default
IPv4 Forwarding: Disabled
IPv4 MC Forwarding: Disabled
Primary IP: 30.0.0.10/24
IPv6 Forwarding: Disabled
IPv6 MC Forwarding: Disabled
IPv6: None
STPD: None
Protocol: Match all unfiltered protocols
Loopback: Enabled
NetLogin: Enabled
OpenFlow: Disabled
TRILL: Disabled
QosProfile: None configured
Egress Rate Limit Designated Port: None configured
Flood Rate Limit QosProfile: None configured
Ports: 0. (Number of active ports=0)
but still Not work
The log on Freeradius show that "Access-Accept" but I set up the PC ip 30.0.0.9/24 then ping to 10.0.0.10, it's unreachable. Does the port will be shown on the Vlan?
* Dist1.1 # sh "Voice"VLAN Interface with name Voice created by user
Admin State: Enabled Tagging: 802.1Q Tag 20
Description: None
Virtual router: VR-Default
IPv4 Forwarding: Disabled
IPv4 MC Forwarding: Disabled
Primary IP: 30.0.0.10/24
IPv6 Forwarding: Disabled
IPv6 MC Forwarding: Disabled
IPv6: None
STPD: None
Protocol: Match all unfiltered protocols
Loopback: Enabled
NetLogin: Enabled
OpenFlow: Disabled
TRILL: Disabled
QosProfile: None configured
Egress Rate Limit Designated Port: None configured
Flood Rate Limit QosProfile: None configured
Ports: 0. (Number of active ports=0)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-22-2015 07:10 AM
Hi Muhammad,
The error message which you have got is a expected one and that should not be the cause of the issue.
Can you try only with Extreme-Netlogin-Extended-Vlan = "UVoice" and see if it works?
The error message which you have got is a expected one and that should not be the cause of the issue.
Can you try only with Extreme-Netlogin-Extended-Vlan = "UVoice" and see if it works?
