Create Date: Jan 18 2013 10:56AM
Hello Ethernation,
I'm trying to configure netlogin mode 802.1x with the guest vlan feature enabled.
Configuration is working for an authenticated supplicant which is receiving his destination VLAN from an NPS Server.
Now I want to drop an unauthenticated supplicant on a guest vlan.
I tried this:
# conf netlogin dot1x guest-vlan "invite" ports 3:20
WARNING: Ports on which 802.1X is not enabled or is not the only enabled Netlogin protocol were ignored.
# ena netlogin dot1x guest-vlan port 3:20
WARNING: Ports on which 802.1X is not enabled or is not the only enabled Netlogin protocol were ignored.
So guest vlan remains not configured and disabled.
802.1X is the only enabled netlogin protocol on that port.
My netlogin configuration:
NetLogin Authentication Mode : web-based DISABLED; 802.1x ENABLED; mac-based DISABLED
NetLogin VLAN : "authlan"
NetLogin move-fail-action : Deny
NetLogin Client Aging Time : 5 minutes
Dynamic VLAN Creation : Disabled
Dynamic VLAN Uplink Ports : None
------------------------------------------------
Web-based Mode Global Configuration
------------------------------------------------
Base-URL : network-access.com
Default-Redirect-Page : ENABLED; http://www.extremenetworks.com
Logout-privilege : YES
Netlogin Session-Refresh : ENABLED; 3 minute(s) 0 second(s)
Refresh failures allowed : 0
Reauthenticate on refresh: Disabled
Authentication Database : Radius, Local-User database
Proxy Ports : 80(http),443(https)
------------------------------------------------
------------------------------------------------
802.1x Mode Global Configuration
------------------------------------------------
Quiet Period : 60
Supplicant Response Timeout : 30
Re-authentication period : 3600
Max Re-authentications : 3
RADIUS server timeout : 30
EAPOL MPDU version to transmit : v1
Authentication Database : Radius
------------------------------------------------
------------------------------------------------
MAC Mode Global Configuration
------------------------------------------------
Re-authentication period : 0 (Re-authentication disabled)
Authentication Database : Radius, Local-User database
------------------------------------------------
Port: 3:20, Vlan: userftp, State: Enabled, Authentication: 802.1x
Guest Vlan : Disabled
Authentication Failure Vlan : Disabled
Authentication Service-Unavailable Vlan : Disabled
MAC                IP address  Authenticated  Type    ReAuth-Timer  User
00:17:08:46:39:24  0.0.0.0     No             802.1x  0
-----------------------------------------------
(B) - Client entry Blackholed in FDB
Port: 4:17, Vlan: userftp, State: Enabled, Authentication: 802.1x
Guest Vlan : Disabled
Authentication Failure Vlan : Disabled
Authentication Service-Unavailable Vlan : Disabled
MAC                IP address  Authenticated  Type    ReAuth-Timer  User
08:2e:5f:06:02:26  0.0.0.0     Yes, Radius    802.1x  155           FTV-PUBLICITE\fdu
Any idea please?
Regards,
Frédéric.
(from fredftp)