This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

How to configure dot1x auth with NAC and AD

How to configure dot1x auth with NAC and AD

Ashraf
New Contributor

‎01-15-2019 04:47 AM

exos switch ip:10.10.1.254
nac ip:10.10.1.201
ad ip:10.10.1.204

exos config:
Netlogin
enable netlogin dot1x mac
configure netlogin authentication protocol-order dot1x mac web-based
enable netlogin ports 3-28 dot1x
enable netlogin ports 3-28 mac
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48
configure netlogin mac ports 3 timers reauthentication on
aaa
enable netlogin dot1x mac
configure netlogin authentication protocol-order dot1x mac web-based
enable netlogin ports 3-28 dot1x
enable netlogin ports 3-28 mac
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48
configure netlogin mac ports 3 timers reauthentication on
VLAN config
configure vlan Default add ports 1-28 untagged
configure vlan Default ipaddress 10.10.1.254 255.255.255.0
enable ipforwarding vlan Default
NAC CONFIG:

2b59716147b448db8e9490cadb3566ab_71f1c0aa-2216-4c23-bf32-dcf069bac0ca.png


2b59716147b448db8e9490cadb3566ab_158170a1-23f9-42f7-9c04-3b8fd25231b1.png


2b59716147b448db8e9490cadb3566ab_2f069a67-68be-4c7b-a83a-0d26ca13b409.png



2b59716147b448db8e9490cadb3566ab_a42223d9-1ec6-4b0b-85a7-89a04b1aab93.png


2b59716147b448db8e9490cadb3566ab_e9cc2662-1dcb-45e1-a496-995a9f93982e.png

0 Kudos
7 REPLIES 7

Justine_Silbery
New Contributor

‎06-18-2019 08:41 PM

Hi

Did you manage to do configure dot1x auth with Nac and AD? Is there any documentation available?

I would appreciate your help

Regard
Justine
0 Kudos

Zdeněk_Pala
Extreme Employee

‎02-11-2019 07:59 AM

Please share the error message you see in the end-system table.
Please share the supplicant config on your end system.
Regards Zdeněk Pala
0 Kudos

Ashraf
New Contributor

‎02-08-2019 07:22 AM

do you got guide to do this?

Questions:
1 = do you see radius request coming from the switch to your Access Control Engine?
2 = do you see dot1x in the radius request? or just MACauthentication?
3 = do you see end-system in the end-system table? how it looks like "accept / error"
4 = What is the supplicant (client) setting?
5 = anything in the logs?

1=yes
2=both
3=error
4=enable dot1x login
5=no
0 Kudos

Zdeněk_Pala
Extreme Employee

‎01-19-2019 01:36 PM

Questions:
1 = do you see radius request coming from the switch to your Access Control Engine?
2 = do you see dot1x in the radius request? or just MACauthentication?
3 = do you see end-system in the end-system table? how it looks like "accept / error"
4 = What is the supplicant (client) setting?
5 = anything in the logs?
Regards Zdeněk Pala
0 Kudos
li.common.scroll-to.top
GTM-P2G8KFN