This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Wireless
- ExtremeWireless (WiNG)
- How to configure guest vlan
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
How to configure guest vlan
How to configure guest vlan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-07-2014 09:58 PM
Create Date: Jan 18 2013 10:56AM
Hello Ethernation,
I'm trying to configure netlogin mode 802.1x with guest vlan feature enable.
Configuration is working for an authenticated supplicant which is receiving his destination VLAN from a NPS Server.
Now i want to drop a unauthenticated supplicant on a guest vlan.
I tried this :
# conf netlogin dot1x guest-vlan "invite" ports 3:20
WARNING: Ports on which 802.1X is not enabled or is not the only enabled Netlogin protocol were ignored.
# ena netlogin dot1x guest-vlan port 3:20
WARNING: Ports on which 802.1X is not enabled or is not the only enabled Netlogin protocol were ignored.
So guest vlan remains not configured and disabled.
802.1X is the only enabled netlogin protocol on that port.
My netlogin configuration :
NetLogin Authentication Mode : web-based DISABLED; 802.1x ENABLED; mac-based DISABLED
NetLogin VLAN : "authlan"
NetLogin move-fail-action : Deny
NetLogin Client Aging Time : 5 minutes
Dynamic VLAN Creation : Disabled
Dynamic VLAN Uplink Ports : None
------------------------------------------------
Web-based Mode Global Configuration
------------------------------------------------
Base-URL : network-access.com
Default-Redirect-Page : ENABLED; http://www.extremenetworks.com
Logout-privilege : YES
Netlogin Session-Refresh : ENABLED; 3 minute(s) 0 second(s)
Refresh failures allowed : 0
Reauthenticate on refresh: Disabled
Authentication Database : Radius, Local-User database
Proxy Ports : 80(http),443(https)
------------------------------------------------
------------------------------------------------
802.1x Mode Global Configuration
------------------------------------------------
Quiet Period : 60
Supplicant Response Timeout : 30
Re-authentication period : 3600
Max Re-authentications : 3
RADIUS server timeout : 30
EAPOL MPDU version to transmit : v1
Authentication Database : Radius
------------------------------------------------
------------------------------------------------
MAC Mode Global Configuration
------------------------------------------------
Re-authentication period : 0 (Re-authentication disabled)
Authentication Database : Radius, Local-User database
------------------------------------------------
Port: 3:20, Vlan: userftp, State: Enabled, Authentication: 802.1x
Guest Vlan: Disabled
Authentication Failure Vlan: Disabled
Authentication Service-Unavailable Vlan: Disabled
MAC IP address Authenticated Type ReAuth-Timer User
00:17:08:46:39:24 0.0.0.0 No 802.1x 0
-----------------------------------------------
(B) - Client entry Blackholed in FDB
Port: 4:17, Vlan: userftp, State: Enabled, Authentication: 802.1x
Guest Vlan: Disabled
Authentication Failure Vlan: Disabled
Authentication Service-Unavailable Vlan: Disabled
MAC IP address Authenticated Type ReAuth-Timer User
08:2e:5f:06:02:26 0.0.0.0 Yes, Radius 802.1x 155 FTV-PUBLICITE\fdu
Any idea please?
Regards,
FrÉdÉric.
(from fredftp)
Hello Ethernation,
I'm trying to configure netlogin mode 802.1x with guest vlan feature enable.
Configuration is working for an authenticated supplicant which is receiving his destination VLAN from a NPS Server.
Now i want to drop a unauthenticated supplicant on a guest vlan.
I tried this :
# conf netlogin dot1x guest-vlan "invite" ports 3:20
WARNING: Ports on which 802.1X is not enabled or is not the only enabled Netlogin protocol were ignored.
# ena netlogin dot1x guest-vlan port 3:20
WARNING: Ports on which 802.1X is not enabled or is not the only enabled Netlogin protocol were ignored.
So guest vlan remains not configured and disabled.
802.1X is the only enabled netlogin protocol on that port.
My netlogin configuration :
NetLogin Authentication Mode : web-based DISABLED; 802.1x ENABLED; mac-based DISABLED
NetLogin VLAN : "authlan"
NetLogin move-fail-action : Deny
NetLogin Client Aging Time : 5 minutes
Dynamic VLAN Creation : Disabled
Dynamic VLAN Uplink Ports : None
------------------------------------------------
Web-based Mode Global Configuration
------------------------------------------------
Base-URL : network-access.com
Default-Redirect-Page : ENABLED; http://www.extremenetworks.com
Logout-privilege : YES
Netlogin Session-Refresh : ENABLED; 3 minute(s) 0 second(s)
Refresh failures allowed : 0
Reauthenticate on refresh: Disabled
Authentication Database : Radius, Local-User database
Proxy Ports : 80(http),443(https)
------------------------------------------------
------------------------------------------------
802.1x Mode Global Configuration
------------------------------------------------
Quiet Period : 60
Supplicant Response Timeout : 30
Re-authentication period : 3600
Max Re-authentications : 3
RADIUS server timeout : 30
EAPOL MPDU version to transmit : v1
Authentication Database : Radius
------------------------------------------------
------------------------------------------------
MAC Mode Global Configuration
------------------------------------------------
Re-authentication period : 0 (Re-authentication disabled)
Authentication Database : Radius, Local-User database
------------------------------------------------
Port: 3:20, Vlan: userftp, State: Enabled, Authentication: 802.1x
Guest Vlan
Authentication Failure Vlan
Authentication Service-Unavailable Vlan
MAC IP address Authenticated Type ReAuth-Timer User
00:17:08:46:39:24 0.0.0.0 No 802.1x 0
-----------------------------------------------
(B) - Client entry Blackholed in FDB
Port: 4:17, Vlan: userftp, State: Enabled, Authentication: 802.1x
Guest Vlan
Authentication Failure Vlan
Authentication Service-Unavailable Vlan
MAC IP address Authenticated Type ReAuth-Timer User
08:2e:5f:06:02:26 0.0.0.0 Yes, Radius 802.1x 155 FTV-PUBLICITE\fdu
Any idea please?
Regards,
FrÉdÉric.
(from fredftp)
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-07-2014 09:58 PM
Create Date: Jan 18 2013 5:41PM
Solved
Unconfigured all related netlogin configuration.
started a new netlogin dotx mode from scratch
Enabling guest vlan with no problems now on any netlogin port (from fredftp)
Solved
Unconfigured all related netlogin configuration.
started a new netlogin dotx mode from scratch
Enabling guest vlan with no problems now on any netlogin port (from fredftp)
