Reset Search
 

 

Article

After successful radius netlogin authentication user cannot get DHCP IP address

« Go Back

Information

 
TitleAfter successful radius netlogin authentication user cannot get DHCP IP address
Symptoms
show netlogin session
Multiple authentication session entries
---------------------------------------
 
Port            : 8           Station address   : 00:26:b9:c7:43:5b
Auth status     : success     Last attempt      : Wed May 15 11:17:33 2019
Agent type      : dot1x       Session applied   : true
Server type     : radius      VLAN-Tunnel-Attr  : None
Policy index    : 8           Policy name       : Default (active)
Session timeout : 0           Session duration  : 0:00:06
Idle timeout    : 300         Idle time         : 0:00:06
Auth-Override   : disabled    Termination time  : Not Terminated


X440G2-48p-10G4.72 #  show vlan Default
Untag:      *2,    *8m
 
Truncated some outputs for brevity 


Even though the authentication is successful and the user MAC is set with the intended policy name "Default" the user cannot get IP address.
Environment
  • EXOS One policy capable switches
  • Extreme Management center
  • Policy manager
Cause
"configure policy profile 8 name "Default" pvid-status "enable" pvid 4095"

VLAN is not set via policy, the same can be verified using the command "show config policy"

The "Access Control" is set to "permit" however this configuration will only work for ISP mode (VLAN already been manually set in the switch for that port) and not for Campus mode (VLAN for the port is not set in switch manually).


 
Resolution
To resolve this, please set the "Access Control" to "Contain to VLAN" and select the VLAN in which the user needs to be placed.
In the below example the User will be placed in the VLAN 1

Default Actions

Once changed, enforce it to the switch and the "show config policy" will change as below 
Since the VLAN 1 is Default it should not show up in the config, if you configure VLAN 100 instead of VLAN 1 then the outputs will be different as shows below
Using Default VLAN 1
configure policy profile 8 name "Default"

Using VLAN 100
configure policy profile 8 name "Default" pvid-status "enable" pvid 100

 
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255