Netlogin with AP on G1's, before AP Aware?
Anonymous
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎12-30-2021 05:13 PM
Hi,
Before the onset of G2 switches with policy and the ability to utilise AP Aware, I remember seeing an article that configured netlogin to simulate it?
In essence it replicates what AP Aware does on the switch and allows authentication to be performed on just the AP and not all end-systems coming through it.
Have tried to track down the information but been struggling.
Hoping someone might remember and point me in the right direction.
Many thanks in advance.
Before the onset of G2 switches with policy and the ability to utilise AP Aware, I remember seeing an article that configured netlogin to simulate it?
In essence it replicates what AP Aware does on the switch and allows authentication to be performed on just the AP and not all end-systems coming through it.
Have tried to track down the information but been struggling.
Hoping someone might remember and point me in the right direction.
Many thanks in advance.
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-26-2022 12:58 PM
Hi Martin,
Did you succeed to do "AP Aware" without policy profile on EXOS ?
I'm trying to do the same thing but I don't know how to do this without Policy Profile.
As Policy Profile disable some netlogin features (Radius enforcement Vlan) and is limited to 64 profiles, I'm not sure this is the right way to handle AP auth and Wireless end-systems Auth.
Thanks !
Did you succeed to do "AP Aware" without policy profile on EXOS ?
I'm trying to do the same thing but I don't know how to do this without Policy Profile.
As Policy Profile disable some netlogin features (Radius enforcement Vlan) and is limited to 64 profiles, I'm not sure this is the right way to handle AP auth and Wireless end-systems Auth.
Thanks !
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-26-2022 01:21 PM
Hi David,
Apologies, not found the solution yet.
Pretty sure there was a GTAC article on it, even somewhere in my notes, but extensive searching has not turned anything up yet.
If I find out will post straight away.
Thanks,
Martin
Apologies, not found the solution yet.
Pretty sure there was a GTAC article on it, even somewhere in my notes, but extensive searching has not turned anything up yet.
If I find out will post straight away.
Thanks,
Martin
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-27-2022 03:44 AM
Thank you for your quick reply.
So AP cannot be connected to a netlogin port, as auth-override is not possible without policy profile ?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-27-2022 04:53 AM
Hi David,
It can, the issue is without AP Aware (Auth-Override) and you have a bridge@AP topology, any authentication taking place on the AP will also get authenticated again on the switch port.
Had another good look around, but not got much further.
Not sure if the answer is within this command:
configure netlogin ports [all | port_list] [allowed-users allowed_users | authentication mode [optional | required] | trap [all-traps | no-traps |[{success} {failed} {terminated} {max-reached}]]]
Where possibly you can set the allowed-users to 1? Not sure if that will be the AP itself, which is all you really want.
Maybe worth a go, and look at the netlogin sessions to see if it is as expected?
It can, the issue is without AP Aware (Auth-Override) and you have a bridge@AP topology, any authentication taking place on the AP will also get authenticated again on the switch port.
Had another good look around, but not got much further.
Not sure if the answer is within this command:
configure netlogin ports [all | port_list] [allowed-users allowed_users | authentication mode [optional | required] | trap [all-traps | no-traps |[{success} {failed} {terminated} {max-reached}]]]
Where possibly you can set the allowed-users to 1? Not sure if that will be the AP itself, which is all you really want.
Maybe worth a go, and look at the netlogin sessions to see if it is as expected?
