This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Switching & Routing
- ExtremeSwitching (EXOS/Switch Engine)
- Netlogin 802.1x guest VLAN command missing
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Netlogin 802.1x guest VLAN command missing
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
Friday
Hello folks,
I am configuring 802.1x on X450-G2 switch and I while trying to configure guest access I realized, that the commands I found in KB and in documentation are simply not there. I am talking about these commands:
- configure netlogin dot1x guest-vlan vlan_name {ports port_list}
- enable netlogin dot1x guest-vlan ports [all |ports]
What I see is this:
* Slot-1 SWITCH.1 # configure netlogin dot1x ?
eapol-transmit-version Configure EAPOL MPDU version transmitted to supplicant
ports Specify list of ports to configure 802.1X protocol timers
radius-accounting Configure 802.1X client's RADIUS accounting setting
tag-eapol Configure whether EAPOL packets are sent with or without a VLAN tag on tagged ports.
timers Configure 802.1X protocol timersCan anyone tell me what am I doing wrong, or at least point me in the right direction? My OS version is 31.7.4.2.
Thank you in advance!
Robert
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
Saturday
I am assuming you have policy enabled (enable policy; show configuration policy).
With policy enabled, some netlogin features, like the 'guest VLAN', are no longer available as policy uses a different model for authentication.
With policy enabled, instead of defining a netlogin guest VLAN, you would generally create a guest policy profile that clients are authenticated into to assign some guest VLAN, as defined by the policy profile configuration and your NAC solution.
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
Saturday
I am assuming you have policy enabled (enable policy; show configuration policy).
With policy enabled, some netlogin features, like the 'guest VLAN', are no longer available as policy uses a different model for authentication.
With policy enabled, instead of defining a netlogin guest VLAN, you would generally create a guest policy profile that clients are authenticated into to assign some guest VLAN, as defined by the policy profile configuration and your NAC solution.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
7 hours ago
Hello Gabriel,
Thank you for your reply.
We indeed do use policy to restrict SSH access to the device, so that could be the case. I had no idea that using policy would have such side effects. Not sure if it is explicitly stated somewhere, but it would be nice if at least the CLI documentation mentioned this is not available under certain circumstances to avoid confusion. 🤔
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
5 hours ago
Hi Robert,
I generally agree with you.
I will shout out that the CLI does hint at this behavior when policy is enabled:
* Switch.1 # enable policy
Warning: Enabling Policy will cause some Netlogin settings (such as VLANs and dynamically created VLANs) to be cleared.
Additionally, this is documented in the user guide under the policy section.
"When enabling policy, all VLAN-level commands supported in non-policy mode are lost, including:
..."
