Reset Search



After successful radius netlogin authentication user cannot get DHCP IP address

« Go Back


TitleAfter successful radius netlogin authentication user cannot get DHCP IP address
show netlogin session
Multiple authentication session entries
Port            : 8           Station address   : 00:26:b9:c7:43:5b
Auth status     : success     Last attempt      : Wed May 15 11:17:33 2019
Agent type      : dot1x       Session applied   : true
Server type     : radius      VLAN-Tunnel-Attr  : None
Policy index    : 8           Policy name       : Default (active)
Session timeout : 0           Session duration  : 0:00:06
Idle timeout    : 300         Idle time         : 0:00:06
Auth-Override   : disabled    Termination time  : Not Terminated

X440G2-48p-10G4.72 #  show vlan Default
Untag:      *2,    *8m
Truncated some outputs for brevity 

Even though the authentication is successful and the user MAC is set with the intended policy name "Default" the user cannot get IP address.
  • EXOS One policy capable switches
  • Extreme Management center
  • Policy manager
"configure policy profile 8 name "Default" pvid-status "enable" pvid 4095"

VLAN is not set via policy, the same can be verified using the command "show config policy"

The "Access Control" is set to "permit" however this configuration will only work for ISP mode (VLAN already been manually set in the switch for that port) and not for Campus mode (VLAN for the port is not set in switch manually).

To resolve this, please set the "Access Control" to "Contain to VLAN" and select the VLAN in which the user needs to be placed.
In the below example the User will be placed in the VLAN 1

Default Actions

Once changed, enforce it to the switch and the "show config policy" will change as below 
Since the VLAN 1 is Default it should not show up in the config, if you configure VLAN 100 instead of VLAN 1 then the outputs will be different as shows below
Using Default VLAN 1
configure policy profile 8 name "Default"

Using VLAN 100
configure policy profile 8 name "Default" pvid-status "enable" pvid 100

Additional notes



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255