Extreme Networks

EF · Tuesday

Hi Team,

Im looking for univerval config port, all with auto-sense enabled and global RADIUS config, so all ports have MHMV enabled.

If a connect a laptop/pc is auth with EAP on RADIUS.

If connect phone/AP (XIQ) is auth locally by autosense. Besides the AP trought FA tells the switch VLANs on port used by SSIDs.

The world is wonderfull until wifi user´s MAC appears on port, this (all of them) are send to RADIUS as NEAP (remember MHMV is enabled on port) and is reject by this as no policy is configured.

Is there any way to avoid NEAP auth from MACs in VLANs learned on switch port by FA from AP? These VLANs that are used by SSIDs that have their own auth methods.

Cheers!!

EF

James_A · Tuesday

You need to send Extreme-Dynamic-MHSA='1' for APs. It requires setting up another RADIUS attributes to send profile, see https://extreme-networks.my.site.com/ExtrArticleDetail?an=000117569 for instructions

View solution in original post

EF · Wednesday

Hi James_A

thx a lot for your response from your link the "option B" "auto-sense fa wap-type1 eapol status authorized"

Match with my config.

Thanks!!!

EF

EF · Tuesday

Hi Team,

I believe i found my error, the AP has auth via RADIUS, so MACs from wifi client are send to RADIUS too:

If a configure on SW "auto-sense fa wap-type1 eapol status authorized" no more neap sessions are seen:

And client gets IP:

But I would like if this in the correct config to avoid auth wifi users MAC.

Cheers!!

EF

James_A · Tuesday

You need to send Extreme-Dynamic-MHSA='1' for APs. It requires setting up another RADIUS attributes to send profile, see https://extreme-networks.my.site.com/ExtrArticleDetail?an=000117569 for instructions

Extreme Networks

VOSS - autosense + eap/neap users wifi problem

VOSS - autosense + eap/neap users wifi problem