NAC doesn't accept RADIUS requests from Summits

Ilya_Semenov
Contributor
Hello, everybody,

I want to set up MAC-based auth on Summits using NAC as RADIUS for Identity-Management purposes.

The Summit sends requests to NAC, NAC receives them, but denies them. I suppose that the Summit is not set as a RADIUS client in NAC.

What I have on the Summit:

# Module netLogin configuration.
#
configure netlogin vlan NTLG
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48
enable netlogin ports 1-44 dot1x
enable netlogin ports 1-44 mac
configure netlogin ports 1 mode mac-based-vlans
configure netlogin ports 1 no-restart

configure radius netlogin primary server 192.168.13.251 1812 client-ip 192.168.13.5 vr VR-Default
configure radius netlogin primary shared-secret encrypted "#$OQazk8Nl5IHctghlB3infcpFFq9JBiFSRoujfikB"
enable radius netlogin

What I get on the Summit after the "enable netlogin dot1x mac" command:

05/30/2017 15:24:57.11 Attempted the configured number of retries (3) to each of the 1 authentication servers without a server response for F4-6D-04-1B-D0-9B(username 'F46D041BD09B') on port 19.
05/30/2017 15:24:55.10 Attempted the configured number of retries (3) to each of the 1 authentication servers without a server response for F0-BF-97-DC-23-E7(username 'F0BF97DC23E7') on port 15.
05/30/2017 15:24:52.11 Attempted the configured number of retries (3) to each of the 1 authentication servers without a server response for 14-DA-E9-F7-BC-59(username '14DAE9F7BC59') on port 9.
05/30/2017 15:24:52.11 Attempted the configured number of retries (3) to each of the 1 authentication servers without a server response for 3C-07-54-46-66-8D(username '3C075446668D') on port 6.
05/30/2017 15:24:52.11 Attempted the configured number of retries (3) to each of the 1 authentication servers without a server response for 50-46-5D-73-81-0A(username '50465D73810A') on port 5.

In this condition, all the configured ports are blocked.

At that time, on NAC I have the following:

[inline image]


How can I make NAC accept these requests?

Many thanks in advance,

Ilya

2 REPLIES

Ilya_Semenov
Contributor
Thanks, Ryan!

This did solve the issue. At last, I got Device Type and OS data into the Netsight.

Ryan_Yacobucci
Extreme Employee
Hello,

You have to add the switch into the NAC switches tab and enforce in order for NAC to see the switch as an authorized source.
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-Add-Switches-to-NAC-Appliance-Group

Thanks
-Ryan
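
An added example (not part of the original posts and not Extreme's code): a small Python parser for the netLogin timeout lines quoted in the question. It flags the pattern the answer above explains, where many ports time out together because the RADIUS server does not treat the switch as an authorized source. The thresholds `min_ports` and `window_s` are assumptions chosen for illustration.

```python
import re
from datetime import datetime

# Log lines copied from the question above (EXOS netLogin RADIUS timeouts).
SAMPLE_LOG = """\
05/30/2017 15:24:57.11 Attempted the configured number of retries (3) to each of the 1 authentication servers without a server response for F4-6D-04-1B-D0-9B(username 'F46D041BD09B') on port 19.
05/30/2017 15:24:55.10 Attempted the configured number of retries (3) to each of the 1 authentication servers without a server response for F0-BF-97-DC-23-E7(username 'F0BF97DC23E7') on port 15.
05/30/2017 15:24:52.11 Attempted the configured number of retries (3) to each of the 1 authentication servers without a server response for 14-DA-E9-F7-BC-59(username '14DAE9F7BC59') on port 9.
05/30/2017 15:24:52.11 Attempted the configured number of retries (3) to each of the 1 authentication servers without a server response for 3C-07-54-46-66-8D(username '3C075446668D') on port 6.
05/30/2017 15:24:52.11 Attempted the configured number of retries (3) to each of the 1 authentication servers without a server response for 50-46-5D-73-81-0A(username '50465D73810A') on port 5.
"""

TIMEOUT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{2}) "
    r"Attempted the configured number of retries \((?P<retries>\d+)\) "
    r"to each of the (?P<servers>\d+) authentication servers "
    r"without a server response for (?P<mac>(?:[0-9A-F]{2}-){5}[0-9A-F]{2})"
    r"\(username '(?P<user>[0-9A-F]{12})'\) on port (?P<port>\S+)\.$"
)

def parse_timeouts(log_text):
    """Return one dict per 'no server response' event; other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = TIMEOUT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %H:%M:%S.%f")
            events.append(ev)
    return events

def diagnose(events, min_ports=3, window_s=60):
    """Separate a switch-wide outage from a single endpoint failing to authenticate."""
    if not events:
        return {"verdict": "no-timeouts", "ports": [], "macs": [], "span_s": 0.0}
    ports = sorted({e["port"] for e in events}, key=lambda p: (len(p), p))
    span = (max(e["ts"] for e in events) - min(e["ts"] for e in events)).total_seconds()
    # RFC 2865: a server silently discards requests from a client it has no shared
    # secret for, so an unregistered switch sees timeouts, not Access-Reject.
    wide = len(ports) >= min_ports and span <= window_s
    return {"verdict": "switch-wide" if wide else "per-endpoint",
            "ports": ports,
            "macs": sorted({e["mac"] for e in events}),
            "span_s": span}

if __name__ == "__main__":
    print(diagnose(parse_timeouts(SAMPLE_LOG)))
```

A `switch-wide` verdict points at the switch's registration on the RADIUS server rather than at any individual endpoint.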
