Netlogin authentication fails after receiving radius accept message
A Netlogin switch receives a radius access accept message for the authenticating user, but the switch still fails the supplicant authentication.
Extreme Policy is not used in this situation as the Netlogin VLAN is not used when policy is enabled.
The authenticating supplicant is in the Netlogin VLAN, and is configured to stay in the netlogin VLAN after authentication is complete. This is not a valid configuration as Netlogin is not allowed to let a supplicant be authenticated in the Netlogin VLAN. This is why authentication fails.
This problem can be resolved in one of these two ways.
Add the port to a different VLAN other than the netlogin VLAN.
Configure the Radius accept message to move the port to another VLAN after authentication.
If you enable Netlogin on a port that is not added to any VLAN already it will be added to the Netlogin VLAN by default. This is how people run into this behaviour.