extreme radius reauth
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-08-2019 01:05 PM
hello all, i hope you can help me
i'm working with extreme switch x440-24t and a cisco ise device, everything is working well, but in the posture phase the switch doesnt accept a radius reauthentication to move from from one vlan to another and then finally the result is going to be that in the ise device it's going to end up in another rule
i followed this guide to do it:
https://community.cisco.com/t5/security-documents/ise-2-4-posture-using-snmp-coa-with-extreme-switches/ta-p/3641460
and finally the only way to send radius attributes is to be via coa snmp?
i'm working with extreme switch x440-24t and a cisco ise device, everything is working well, but in the posture phase the switch doesnt accept a radius reauthentication to move from from one vlan to another and then finally the result is going to be that in the ise device it's going to end up in another rule
i followed this guide to do it:
https://community.cisco.com/t5/security-documents/ise-2-4-posture-using-snmp-coa-with-extreme-switches/ta-p/3641460
and finally the only way to send radius attributes is to be via coa snmp?
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-10-2019 01:07 PM
Hi Peter, we are running about 15 and 16 version there are really old images
i think i will not be able to do it, i will make the upgrade to make it in that way
Current State: OPERATIONAL
Image Selected: secondary
Image Booted: secondary
Primary ver: 15.2.2.7
Secondary ver: 16.2.5.4
patch1-7
and finally for web auth, with is line of config should i send web auth from a nac server to a client connected to port 23-24 from the extreme switch, or should i need a ios images or i'm missing some commands
enable netlogin dot1x mac web-based
configure netlogin authentication protocol-order mac dot1x web-based
enable netlogin ports 23-24 web-based
configure netlogin base-url "srv-nac.domain.com"
configure netlogin redirect-page "https://google.com"
enable netlogin reauthenticate-on-refresh
enable web http
enable web https
configure ssl certificate hash-algorithm sha512
configure dns-client add name-server 1.1.1.1 vr VR-Default
configure dns-client add domain-suffix domain.com
i followed this guide
https://community.extremenetworks.com/aaa-radius-230508/netlogin-web-based-example-6733869
https://www.dropbox.com/s/dnhja1paz9f4m7g/SVC%20Tech%20NI%20Tech%20Guide%20Switch%20Netlogin%20Web%20Auth%20v1.pdf?dl=0
please can you tell me if i need to make an upgrade to the switch?
i think i will not be able to do it, i will make the upgrade to make it in that way
Current State: OPERATIONAL
Image Selected: secondary
Image Booted: secondary
Primary ver: 15.2.2.7
Secondary ver: 16.2.5.4
patch1-7
and finally for web auth, with is line of config should i send web auth from a nac server to a client connected to port 23-24 from the extreme switch, or should i need a ios images or i'm missing some commands
enable netlogin dot1x mac web-based
configure netlogin authentication protocol-order mac dot1x web-based
enable netlogin ports 23-24 web-based
configure netlogin base-url "srv-nac.domain.com"
configure netlogin redirect-page "https://google.com"
enable netlogin reauthenticate-on-refresh
enable web http
enable web https
configure ssl certificate hash-algorithm sha512
configure dns-client add name-server 1.1.1.1 vr VR-Default
configure dns-client add domain-suffix domain.com
i followed this guide
https://community.extremenetworks.com/aaa-radius-230508/netlogin-web-based-example-6733869
https://www.dropbox.com/s/dnhja1paz9f4m7g/SVC%20Tech%20NI%20Tech%20Guide%20Switch%20Netlogin%20Web%20Auth%20v1.pdf?dl=0
please can you tell me if i need to make an upgrade to the switch?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-10-2019 08:11 AM
have you checked this:?
https://gtacknowledge.extremenetworks.com/articles/Q_A/Is-the-Change-of-Authorization-feature-available-in-EXOS/?q=xos+coa&l=en_US&fs=Search&pn=1
https://gtacknowledge.extremenetworks.com/articles/Q_A/Is-the-Change-of-Authorization-feature-available-in-EXOS/?q=xos+coa&l=en_US&fs=Search&pn=1
