Hello, I am new on ExtremSwitch and am trying to build a port based authentication with Freeradius.
This is my Lab Schematic
This is my switch config that i need your confirmation for it: (is it correct ?)
on the radius side (MD5 authentication) i created a :
on my kali side i just enable port based authentication from the network setting but am not sure is that enough ?
when i send request with radclient, my kali not authenticated on the switch ? do i miss something in my config ?
I hope if i detailed my lab and config well , i will be waiting your answers please, thx
- And i need your confirmation please about my steps for configuring the Extrem switch as authenticator
This is my Lab Schematic
This is my switch config that i need your confirmation for it: (is it correct ?)
create vlan purgatoryconfigure netlogin vlan purgatoryenable netlogin dot1x enable netlogin ports 1 dot1xconfigure netlogin ports 1 mode port-based-vlansconfigure netlogin ports 1 restartconfigure vlan A ipaddress 192.168.1.1/24configure radius netlogin primary server 192.168.1.2 1812 client-ip 192.168.1.1 vr "VR-Default"configure radius netlogin primary shared-secret ilovesecretenable radius netloginon the radius side (MD5 authentication) i created a :
client switch {ipv4add = 192.168.1.1secret = ilovesecret}on my kali side i just enable port based authentication from the network setting but am not sure is that enough ?
when i send request with radclient, my kali not authenticated on the switch ? do i miss something in my config ?
I hope if i detailed my lab and config well , i will be waiting your answers please, thx
Hi Matthew, thanks for your feedback,
whit the same radclient command, i can say no i don't have any output on the server side, the only output i have is on the switch is the kali mac add not authenticated.
But i can get access accept on the radclient (from kali) when i disable netlogin on the switch and i can see logs on radius.
There is no tool to send request from the supplicant (kali VM) ?
so what i understand from you radclient play the authenticator rule so how i should used in my scenrio ?
radclient user pass secret serverip ?
and launch it from where ?
aslo if this switch "ExtremeXOS version 30.2.1.8" support multi host (multi supplicant)
thank you
āāā
whit the same radclient command, i can say no i don't have any output on the server side, the only output i have is on the switch is the kali mac add not authenticated.
But i can get access accept on the radclient (from kali) when i disable netlogin on the switch and i can see logs on radius.
There is no tool to send request from the supplicant (kali VM) ?
so what i understand from you radclient play the authenticator rule so how i should used in my scenrio ?
radclient user pass secret serverip ?
and launch it from where ?
aslo if this switch "ExtremeXOS version 30.2.1.8" support multi host (multi supplicant)
thank you
āāā
Hi matthew,
it was only miss understanding from me to the tool, i know very well port based authentication how it work (supplicant-authentictor-radius)
I think the problem in my case it could be related that i need to find a way to trigger some request from the virtual kali over the physical adapter NIC of the HP server.
but i don't know how to do that? or even my though is correct ?
Actually I was missing to use wpa_supplicant to configure kali as supplicant and also i can use it to trigger authentication request (https://help.ubuntu.com/community/Network802.1xAuthentication)
,
it was only miss understanding from me to the tool, i know very well port based authentication how it work (supplicant-authentictor-radius)
I think the problem in my case it could be related that i need to find a way to trigger some request from the virtual kali over the physical adapter NIC of the HP server.
but i don't know how to do that? or even my though is correct ?
Actually I was missing to use wpa_supplicant to configure kali as supplicant and also i can use it to trigger authentication request (https://help.ubuntu.com/community/Network802.1xAuthentication)
,
