How to configure dot1x auth with NAC and AD
01-15-2019 04:47 AM
exos switch ip:10.10.1.254
nac ip:10.10.1.201
ad ip:10.10.1.204
exos config:
Netlogin
enable netlogin dot1x mac
configure netlogin authentication protocol-order dot1x mac web-based
enable netlogin ports 3-28 dot1x
enable netlogin ports 3-28 mac
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48
configure netlogin mac ports 3 timers reauthentication on
aaa
enable netlogin dot1x mac
configure netlogin authentication protocol-order dot1x mac web-based
enable netlogin ports 3-28 dot1x
enable netlogin ports 3-28 mac
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48
configure netlogin mac ports 3 timers reauthentication on
VLAN config
configure vlan Default add ports 1-28 untagged
configure vlan Default ipaddress 10.10.1.254 255.255.255.0
enable ipforwarding vlan Default
NAC CONFIG:
7 REPLIES
01-15-2019 09:55 AM
I have deleted the advanced AAA on the NAC.
I have changed basic to advanced.
01-15-2019 09:54 AM
Here is the AAA configuration:
configure radius netlogin 1 server 10.10.1.201 1812 client-ip 10.10.1.254 vr VR-Default
configure radius 1 shared-secret encrypted "#$H6YKEMmpgZRQk4/3ZdZ92pVm5Hk/CXk/2HCOmoHAXF8aH95P9HI="
configure radius-accounting netlogin 1 server 10.10.1.201 1813 client-ip 10.10.1.254 vr VR-Default
configure radius-accounting 1 shared-secret encrypted "#$u/KlXkwtQYtxcaLzMBFRZNJ3P40ahHVoYZQKgn1moK1Q8R+3INg="
configure radius-accounting 1 timeout 10
enable radius
disable radius mgmt-access
enable radius netlogin
configure radius timeout 15
enable radius-accounting
disable radius-accounting mgmt-access
enable radius-accounting netlogin
01-15-2019 06:49 AM
Hi.
It seems you have two AAA configurations in your NAC. One is “basic”, one is “advanced”.
I guess your NAC configuration is using the basic one.
Option 1: change the NAC configuration to use the AAA configuration “advanced” with the two rules you have there.
Option 2: change the basic configuration to “advanced” (right-click on the AAA configuration, make advanced).
Do not forget to enforce. In your switch config I do not see AAA configuration. If you have CLI credentials working in Extreme Management Center, and if the switch is assigned to the Access Control Engine, and you leave the default values when you add the switch to the Access Control Engine, then the AAA will be configured for you. Otherwise you need to set up RADIUS on the switch.
Regards
Zdeněk Pala
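
The gap pointed out in the reply above (netlogin enabled on ports, but no RADIUS configuration on the switch) can be checked mechanically against a saved config. This is an added example, not part of the original thread; the function name `audit_netlogin_radius` and the sample strings are constructed here, using only the command forms posted in this thread.

```python
import re

# Constructed sample inputs, built from the commands posted in this thread.
NETLOGIN_ONLY = """\
enable netlogin dot1x mac
configure netlogin authentication protocol-order dot1x mac web-based
enable netlogin ports 3-28 dot1x
enable netlogin ports 3-28 mac
"""
WITH_RADIUS = NETLOGIN_ONLY + """\
configure radius netlogin 1 server 10.10.1.201 1812 client-ip 10.10.1.254 vr VR-Default
configure radius 1 shared-secret encrypted "<redacted>"
enable radius
enable radius netlogin
"""

SERVER_RE = re.compile(
    r"^configure radius netlogin (\d+) server (\S+) (\d+) client-ip (\S+) vr (\S+)$")
SECRET_RE = re.compile(r"^configure radius (\d+) shared-secret\b")


def audit_netlogin_radius(config, nac_ip, switch_ip):
    """Return a list of findings; an empty list means no gap was found."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    if not any(ln.startswith("enable netlogin ports ") for ln in lines):
        return []  # netlogin is not enabled on any port, nothing to check
    findings = []
    servers = [m.groups() for m in map(SERVER_RE.match, lines) if m]
    secrets = {m.group(1) for m in map(SECRET_RE.match, lines) if m}
    if not servers:
        findings.append("no 'configure radius netlogin <n> server' line")
    for index, server, _port, client, _vr in servers:
        if server != nac_ip:
            findings.append(f"radius {index}: server {server} is not the NAC {nac_ip}")
        if client != switch_ip:
            findings.append(f"radius {index}: client-ip {client} is not {switch_ip}")
        if index not in secrets:
            findings.append(f"radius {index}: no shared-secret configured")
    if "enable radius netlogin" not in lines:
        findings.append("'enable radius netlogin' is missing")
    return findings


if __name__ == "__main__":
    for name, cfg in (("netlogin only", NETLOGIN_ONLY), ("with radius", WITH_RADIUS)):
        result = audit_netlogin_radius(cfg, "10.10.1.201", "10.10.1.254")
        print(name, "->", result or "ok")
```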
