Extreme Networks

Jeremy_Gibbs · ‎12-12-2016

I have several x460G2 switches that refuse to put ports in the correct vlan using RFC3580. I have NAC sending back VLAN ID and Extreme Policy. vlanauthorization is enabled globally, and on the ports. I am running version 22 of code. I use this to automatically put cameras, wireless APs, printers etc.. in to the correct VLAN. Everything works fine on the S4, B5, C5, A4 series switches. It's just the x460s that DONT work.

Any ideas?

Jeremy_Gibbs · ‎12-12-2016

Spoke too soon.. It doesn't work. This has got to be a bug in the code as the Enterasys stuff just works.

Jeremy_Gibbs · ‎12-12-2016

Well, this fixed it:
configure netlogin ports 7:48 authentication mode required
However, I believe with this setting, if AUTH fails, all packets are discarded. I would prefer this NOT to happen. I believe you can't use a default role when you set authentication up this way.

Jeremy_Gibbs · ‎12-12-2016

This is a working B5 using rfc3580 vlanauth

Here is the same command run (just on the one port I am testing on the 460 G2)

Jeremy_Gibbs · ‎12-12-2016

Also... I can see that it is sending the vlan (tunnel attribute) 1001. Vlan 1001 is AdminComputer VLAN.

Port : 7:48 Station address : c4:34:6b:5e:78:7d Auth status : success Last attempt : Mon Dec 12 14:56:50 2016
Agent type : dot1x Session applied : true
Server type : radius VLAN-Tunnel-Attr : 1001
Policy index : 9 Policy name : Admin_Computers (active)
Session timeout : 0 Session duration : 0:10:04
Idle timeout : 300 Idle time : 0:00:45
Termination time: Not Terminated

Extreme Networks

Using vlanauthorization RFC3580 on x460G2 and policy.

Using vlanauthorization RFC3580 on x460G2 and policy.