Authentication Mode Optional - Older Code

Anonymous
Not applicable
08-23-2018 09:36 AM
Hi,
In the process of configuring MAC based Netlogin on some older switches, the configuration will look something like the following:
create vlan nt_login
configure netlogin vlan nt_login
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48
configure netlogin mac authentication database-order radius
configure netlogin ports 20-22 mode port-based-vlans
configure netlogin authentication failure vlan Default ports 20-22
configure netlogin authentication service-unavailable vlan Default ports 20-22
enable netlogin ports 20-22 mac
enable netlogin mac
What I would like to do is use the same function as the optional command:
configure netlogin port 20-22 authentication mode optional
Basically so that I'm not enforcing the authentication, just essentially putting it into monitoring mode, as the 'optional' command isn't available on the version being used.
From what I understand the device will be put into the 'nt_login' VLAN whilst it's being authenticated, but ideally I wouldn't want the device to be removed / disconnected from the network at any point or for any condition, just want to put the data into NAC.
The other problem being I can't, say, replace the VLAN 'nt_login' in the 'configure netlogin vlan' command with the default VLAN the port is already configured for.
Hopefully that makes sense, and appreciate any ideas.
Many thanks in advance.
8 REPLIES

08-23-2018 11:31 AM
Hi Oscar,
Sure did this:
enable netlogin ports 20-22
It then complains that a netlogin VLAN hasn't been defined. I'll give it a go in a bit and let you know.
Thanks

Anonymous
Not applicable
08-23-2018 11:29 AM
Hi,
I've looked into the ISP mode and apparently the configuration is to use:
enable netlogin ports vlan
Problem is that command doesn't exist, so I'm a little stuck?!
enable netlogin ports 1-22?
dot1x Configure the 802.1x authentication protocol
mac Configure the MAC-Based authentication protocol
web Configure the web-based authentication protocol
Any ideas?
Many thanks

08-23-2018 09:42 AM
Martin, take a look at netlogin in ISP mode. Then the port does not move to another VLAN. This happens when RADIUS does not give a VLAN with the accept; the port stays in the same VLAN and uses netlogin only to allow or disallow the client.

08-23-2018 09:42 AM
Hi Oscar, thanks for the quick response and the pointer, much appreciated.
I'll post back the config once I've looked it up and tested it.
