Skip to main content

Exstreme Gen1 RADIUS Authentication

The example configuration below shows how to configure RADIUS for both Management and Port authentication. The server, client-ip and secrets will be unique to your environment. This example also configures and enables RADIUS accounting.

configure radius mgmt-access primary server 10.21.0.10 1812 client-ip 172.16.5.20 vr VR-Default
configure radius mgmt-access primary shared-secret encrypted "#$sLBECeI3y+vi56D+JsXsSaWmuvynCERCHNm1lyy21cwRTssjdoE="
configure radius mgmt-access secondary server 10.21.0.12 1812 client-ip 172.16.5.20 vr VR-Default
configure radius mgmt-access secondary shared-secret encrypted "#$aV4JSbB7qYJIrkN+xyFpkm8C3VhEMCvmeXg+CHuFmWCPuo9/BjA="
configure radius netlogin primary server 10.21.0.10 1812 client-ip 172.16.5.20 vr VR-Default
configure radius netlogin primary shared-secret encrypted "#$E1KQvrolmf3rZESnOuZCzgHvxuOncnJsRCrlsGkg9URvSuQAOQ8="
configure radius netlogin secondary server 10.21.0.12 1812 client-ip 172.16.5.20 vr VR-Default
configure radius netlogin secondary shared-secret encrypted "#$25naJ++VqZmHWFE3p940NH+BMkvA4BL2GYj1HB1WaY1AFrIt4rQ="
configure radius-accounting netlogin primary server 10.21.0.10 1813 client-ip 172.16.5.20 vr VR-Default
configure radius-accounting netlogin primary shared-secret encrypted "#$5f6QnmG9LhNB1pb1WQB3T+F8LIIhnl5n83AzKewrEGHPtlQkLTI="
configure radius-accounting netlogin secondary server 10.21.0.12 1813 client-ip 172.16.5.20 vr VR-Default
configure radius-accounting netlogin secondary shared-secret encrypted "#$2vpSd5mMYX46JQvXCLYqFjRnfH4AVawx57QYAm+QufLMbiRc/Do="
enable radius
enable radius mgmt-access
enable radius netlogin
enable radius-accounting netlogin

 

The example configuration below will enable both dot1x user and MAC authentication on a port by port basis. Note that you must create a dedicated netlogin pre-authentication vlan, in this case it's called net-login.

create vlan "net-login"
configure vlan net-login tag 2000

 

configure netlogin vlan net-login
enable netlogin dot1x mac 
configure netlogin mac authentication database-order radius
enable netlogin ports 1:12-46 dot1x 
enable netlogin ports 1:12-46 mac 
configure netlogin ports 1:12 mode mac-based-vlans
configure netlogin ports 1:12 restart
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48

No Comments
Back to top