Problem: Netlogin and APs, cameras, printers: devices don't work on port
‎04-28-2018 09:26 AM
Hello, team,
I've enabled netlogin on Summits and it gives me all the data I need. But a problem has appeared: on ports where APs, printers and cameras are connected and netlogin is enabled, these devices became inaccessible.
What is the reason for such behaviour?
Maybe there is a magic checkbox in NAC which will solve my problem?
Here is my config on switches:
configure radius netlogin primary server 192.168.128.160 1812 client-ip 192.168.21.185 vr VR-Default
configure radius netlogin primary shared-secret encrypted "***"
configure radius netlogin secondary server 192.168.128.162 1812 client-ip 192.168.21.185 vr VR-Default
configure radius netlogin secondary shared-secret encrypted "***"
configure radius-accounting netlogin primary server 192.168.128.160 1813 client-ip 192.168.21.185 vr VR-Default
configure radius-accounting netlogin primary shared-secret encrypted "***"
configure radius-accounting netlogin secondary server 192.168.128.162 1813 client-ip 192.168.21.185 vr VR-Default
configure radius-accounting netlogin secondary shared-secret encrypted "***"
enable radius
disable radius mgmt-access
enable radius netlogin
configure radius timeout 15
configure radius mgmt-access timeout 15
configure radius netlogin timeout 15
enable radius-accounting
disable radius-accounting mgmt-access
enable radius-accounting netlogin
Many thanks in advance,
Ilya
2 REPLIES 2
‎04-30-2018 05:34 AM
Hello, Claudio,
I don't see a solution for my problem in your message, sorry.
My configuration is applied to all ports, except trunks. After that I manually exclude AP, printer and camera ports.
‎04-30-2018 05:34 AM
Hi Ilya, I don't see in your configuration which ports authentication is applied to.
I use the configuration below to apply MAC authentication on some ports:
configure netlogin move-fail-action authenticate
configure netlogin vlan AUTH
###enable netlogin dot1x mac
enable netlogin mac
configure netlogin agingtime 1
###configure netlogin dynamic-vlan enable
###enable netlogin ports 1:1-x dot1x
enable netlogin ports 31-32 mac
configure netlogin ports 31-32 mode port-based-vlans
configure netlogin ports 31-32 no-restart
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48 ports 31-32
###configure netlogin dot1x timers reauth-period 7200
enable netlogin authentication failure vlan ports 31-32
enable netlogin authentication service-unavailable vlan ports 31-32
disable netlogin logout-privilege
disable netlogin session-refresh
disable netlogin redirect-page
###VLAN to active in case Nac GW fault
Create Vlan Guest tag 91
configure netlogin authentication failure vlan Guest ports 31-32
configure netlogin authentication service-unavailable vlan Guest ports 31-32
The commands with ### are not used; hope this could help you.
Ciao, Claudio
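An added example, not part of the original thread and not Extreme's own tooling: a small audit that reads a saved switch configuration and reports, per port, which netlogin methods are enabled and whether the failure and service-unavailable VLAN fallbacks from the reply above are present. The function names and the sample configuration are constructed for illustration; the sample uses only command forms quoted in this thread, and only plain numeric port ranges are expanded.

```python
import re

# Constructed sample, built from command forms quoted in this thread.
SAMPLE_CONFIG = """\
enable netlogin mac
###enable netlogin ports 1:1-x dot1x
enable netlogin ports 31-32 mac
enable netlogin authentication failure vlan ports 31-32
enable netlogin authentication service-unavailable vlan ports 31-32
enable netlogin ports 5,7 dot1x
"""

def expand_ports(spec):
    """Expand '31-32' or '5,7' into port strings; other forms are kept verbatim."""
    ports = []
    for part in spec.split(","):
        if re.fullmatch(r"\d+-\d+", part):
            lo, hi = map(int, part.split("-"))
            ports.extend(str(p) for p in range(lo, hi + 1))
        else:
            ports.append(part)
    return ports

def audit_netlogin(config):
    """Map each port to its netlogin methods and fallback-VLAN flags."""
    report = {}
    def entry(port):
        return report.setdefault(port, {"methods": set(), "failure_vlan": False,
                                        "service_unavailable_vlan": False})
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out commands are ignored
        m = re.fullmatch(r"enable netlogin ports (\S+) (.+)", line)
        if m:
            for port in expand_ports(m.group(1)):
                entry(port)["methods"].update(m.group(2).split())
            continue
        m = re.fullmatch(r"enable netlogin authentication "
                         r"(failure|service-unavailable) vlan ports (\S+)", line)
        if m:
            key = m.group(1).replace("-", "_") + "_vlan"
            for port in expand_ports(m.group(2)):
                entry(port)[key] = True
    return report

def ports_without_fallback(report):
    """Ports that enforce netlogin but lack a failure or service-unavailable VLAN."""
    return sorted(p for p, e in report.items() if e["methods"]
                  and not (e["failure_vlan"] and e["service_unavailable_vlan"]))

if __name__ == "__main__":
    print(ports_without_fallback(audit_netlogin(SAMPLE_CONFIG)))
```
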
