Showing results for 
Search instead for 
Did you mean: 

PacketFence and Summit switches

PacketFence and Summit switches

Sorry for the amount of detail, but we are trying to setup PacketFence with our Summit switches and I think everything looks fine on the PacketFence side, but I keep getting the following on the test switch:

07/30/2014 13:47:39.42 Slot-1: Authentication failed for Network Login MAC user 3C970EADB66B Mac 3C:97:0E:AD:B6:6B port 5:13

07/30/2014 13:47:39.42 Slot-1: No response from server trying local.

07/30/2014 13:47:39.42 Slot-1: No servers responding

07/30/2014 13:47:36.42 Slot-1: Resend request to Authentication Server address current request count is 2

07/30/2014 13:47:33.41 Slot-1: Resend request to Authentication Server address current request count is 1

What steps can I perform on the switch to verify connectivity? I can ping/trace to the PacketFence server from the switch.

We have PacketFence installed on a server ( We have three interfaces defined in PacketFence: Management (, Isolation (, and Registration ( Those interfaces are plugged into our core Extreme Networks Summit switch into matching VLANs: “Internal_Appliances” (, “MAC_Isolation” (, and “MAC_Registration” (

That switch is then uplinked to our desktop switch, where we have created a “MAC_Isolation” (, “MAC_Registration” (, MAC_Temp (no IP), and “Desktops” ( We want the ports to eventually end up in the “Desktops” VLAN after authorization.

The steps below were performed on the Extreme switch to which the desktops are connected, using Port 5:13 as our test.

create vlan MAC_Registration

config vlan "MAC_Registration" tag 369

create vlan MAC_Temp

enable snmp access

configure snmp add trapreceiver community public vr VR-DEFAULT

configure vlan MAC_Registration add ports 5:13 untagged

configure ports 5:13 vlan MAC_Registration lock-learning

disable snmp traps port-up-down ports 5:13

configure radius netlogin primary server 1812 client-ip vr VR-Default

configure radius netlogin primary shared-secret (password)

enable radius netlogin

configure netlogin vlan MAC_Temp

enable netlogin mac

configure netlogin dynamic-vlan enable

configure netlogin dynamic-vlan uplink-ports 4:45

configure netlogin mac authentication database-order radius

enable netlogin ports 5:13 mac

configure netlogin ports 5:13 mode port-based-vlans

configure netlogin ports 5:13 no-restart

The results of “show netlogin” and “show radius” on the switch returns the following:

Slot-1 Stack.4 # show netlogin

NetLogin Authentication Mode : web-based DISABLED; 802.1x DISABLED; mac-based ENABLED

NetLogin VLAN : "MAC_Temp"

NetLogin move-fail-action : Deny

NetLogin Client Aging Time : 5 minutes

Dynamic VLAN Creation : Enabled

Dynamic VLAN Uplink Ports : 4:45


Web-based Mode Global Configuration


Base-URL :

Default-Redirect-Page : ENABLED;

Logout-privilege : YES

Netlogin Session-Refresh : ENABLED; 3 minute(s) 0 second(s)

Refresh failures allowed : 0

Reauthenticate on refresh: Disabled

Authentication Database : Radius, Local-User database

Proxy Ports : 80(http),443(https)



802.1x Mode Global Configuration


Quiet Period : 60

Supplicant Response Timeout : 30

Re-authentication period : 3600

Max Re-authentications : 3

RADIUS server timeout : 30

EAPOL MPDU version to transmit : v1

Authentication Database : Radius



MAC Mode Global Configuration


MAC Address/Mask Password (encrypted) Port(s)

-------------------- ------------------------------ ------------------------

Default any

Re-authentication period : 0 (Re-authentication disabled)

Authentication Database : Radius


Port: 5:13, Vlan: MAC_Registration, State: Enabled, Authentication: mac-based

Guest Vlan : Disabled

Authentication Failure Vlan : Disabled

Authentication Service-Unavailable Vlan : Disabled

MAC IP address Authenticated Type ReAuth-Timer User

3c:97:0e??b6:6b No MAC 0


(B) - Client entry Blackholed in FDB

Number of Clients Authenticated : 0

Slot-1 Stack.5 # show radius

Switch Management Radius: disabled

Switch Management Radius server connect time out: 3 seconds

Switch Management Radius Accounting: disabled

Switch Management Radius Accounting server connect time out: 3 seconds

Netlogin Radius: enabled

Netlogin Radius server connect time out: 3 seconds

Netlogin Radius Accounting: disabled

Netlogin Radius Accounting server connect time out: 3 seconds

Primary Netlogin Radius server:

Server name :

IP address :

Server IP Port: 1812

Client address: (VR-Default)

Shared secret : 2\q;sJ;@F=8Bjn

Access Requests : 13752 Access Accepts : 0

Access Rejects : 0 Access Challenges : 0

Access Retransmits: 9168 Client timeouts : 4584

Bad authenticators: 0 Unknown types : 0

Round Trip Time : 0


Extreme Employee
Sorry, I'm not familiar with the way that packet fence operates, however, if it's not routable, then there most likely wouldn't be a way to get a WOL packet to that device unless it's on the same VLAN.

That allows traffic out of the port, but it doesn't help with routing the WOL packet to the device on the port.

Extreme Employee
Try using 'configure netlogin ports allow egress-traffic all_cast'. This will allow all traffic to egress a port while in the unauthenticated state.

We got this working finally, but now we realized that this method won't allow us to Wake On LAN unless someone has another solution.

Basically, devices are put int the "MAC_Temp" VLAN when powered off which appears to be a L2 VLAN that we can't forward anything to. Does anyone have any solutions on how to work around that?

Also, it looks like 802.1x instead of mac based authentication might allow WOL to work?