debug netlogin XOS
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎07-10-2015 06:14 AM
Hi Folks,
how can i debug the following error message regarding mac authentiication on recent XOS 15.5.4.2 (BD8810) and solving the problem?
Reboot of the end-system does not help. Shutting down netlogin - end-system running at once over the manually configured vlan.
MSM-A: Authentication failed for Network Login MAC user 18A905BB9E50 Mac 18:A9:05:BB:9E:50 port 7:39
Here the show netlogin for this port:
show netlogin port 7:39
Port : 7:39
Port Restart : Disabled
Allow Egress : None
Vlan : Default
Authentication : mac-based
Port State : Enabled
Guest Vlan : Disabled
Auth Failure Vlan : Disabled
Auth Service-Unavailable Vlan : Disabled
MAC IP address Authenticated Type ReAuth-Timer User
18:a9:05??9e:50 0.0.0.0 No MAC 0
-----------------------------------------------
(B) - Client entry Blackholed in FDB
Port : 7:39
Port Restart : Disabled
Allow Egress : None
Vlan : VTelefon
Authentication : mac-based
Port State : Enabled
Guest Vlan : Disabled
Auth Failure Vlan : Disabled
Auth Service-Unavailable Vlan : Disabled
MAC IP address Authenticated Type ReAuth-Timer User
-----------------------------------------------
(B) - Client entry Blackholed in FDB
Number of Clients Authenticated : 2
The is a very simple MAC Auth so i cannot understand why the netlogin should failed !
As a background information i run an update from XOS 12.6.2.10 to 15.5.4.2 yesterday evening.
how can i debug the following error message regarding mac authentiication on recent XOS 15.5.4.2 (BD8810) and solving the problem?
Reboot of the end-system does not help. Shutting down netlogin - end-system running at once over the manually configured vlan.
MSM-A: Authentication failed for Network Login MAC user 18A905BB9E50 Mac 18:A9:05:BB:9E:50 port 7:39
Here the show netlogin for this port:
show netlogin port 7:39
Port : 7:39
Port Restart : Disabled
Allow Egress : None
Vlan : Default
Authentication : mac-based
Port State : Enabled
Guest Vlan : Disabled
Auth Failure Vlan : Disabled
Auth Service-Unavailable Vlan : Disabled
MAC IP address Authenticated Type ReAuth-Timer User
18:a9:05??9e:50 0.0.0.0 No MAC 0
-----------------------------------------------
(B) - Client entry Blackholed in FDB
Port : 7:39
Port Restart : Disabled
Allow Egress : None
Vlan : VTelefon
Authentication : mac-based
Port State : Enabled
Guest Vlan : Disabled
Auth Failure Vlan : Disabled
Auth Service-Unavailable Vlan : Disabled
MAC IP address Authenticated Type ReAuth-Timer User
-----------------------------------------------
(B) - Client entry Blackholed in FDB
Number of Clients Authenticated : 2
The is a very simple MAC Auth so i cannot understand why the netlogin should failed !
As a background information i run an update from XOS 12.6.2.10 to 15.5.4.2 yesterday evening.
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎07-10-2015 03:29 PM
Great! Thanks for sharing your solution with the community.
Sending the VSA with T adds the port tagged and U add the port as untagged.
Sending the VSA with T adds the port tagged and U
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎07-10-2015 03:06 PM
I got the problem.
I turn on debug for netlogin:
enable log debug-mode
enable log display
configure log filter "DefaultFilter" add events nl severity debug-verbose
configure log filter "DefaultFilter" add events AAA.RADIUS severity debug-verbose
Then i can read the netlogin Framework have problems with binding the regarding vlan tagged AND untagged!
So because the used RFC3580 RADIUS communication does not specify tagged or untagged usage of the VLAN i switch over to Extreme netlogin VSAs which specify this (= T80 = VLAN 80 tagged)!
This solved my problem complettely!
Regards
I turn on debug for netlogin:
enable log debug-mode
enable log display
configure log filter "DefaultFilter" add events nl severity debug-verbose
configure log filter "DefaultFilter" add events AAA.RADIUS severity debug-verbose
Then i can read the netlogin Framework have problems with binding the regarding vlan tagged AND untagged!
So because the used RFC3580 RADIUS communication does not specify tagged or untagged usage of the VLAN i switch over to Extreme netlogin VSAs which specify this (= T80 = VLAN 80 tagged)!
This solved my problem complettely!
Regards
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎07-10-2015 03:02 PM
Hi William,
netlogin is running since several years without bigger problems. From Radius point of View Requests and Responses are OK!
netlogin is running since several years without bigger problems. From Radius point of View Requests and Responses are OK!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎07-10-2015 02:30 PM
I just made this article for you. Hope this helps. If not, let me know.
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-Mac-based-Netlogin-with-R...
I would also check to make sure the switch is sending "Acct Requests" and is receiving "Acct Responses" with the "show radius" command.
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-Mac-based-Netlogin-with-R...
I would also check to make sure the switch is sending "Acct Requests" and is receiving "Acct Responses" with the "show radius" command.
