Enables NetLogin on a specified port for a particular authentication method.
ports | Specifies the ports for which NetLogin should be enabled. |
dot1x | Specifies 802.1X authentication. |
mac | Specifies MAC-based authentication. |
web-based | Specifies web-based authentication. |
All methods are disabled on all ports.
A DHCP (Dynamic Host Configuration Protocol) server must be available, and a DHCP range must be configured for the port or ports in the VLAN (Virtual LAN) on which you want to enable NetLogin.
The switch must be configured as a RADIUS (Remote Authentication Dial In User Service) client, and the RADIUS server must be configured to enable the NetLogin capability.
For ISP mode login, no special conditions are required. A RADIUS server must be used for authentication.
NetLogin is used on a per-port basis. A port that is tagged can belong to more than one VLAN. In this case, NetLogin can be enabled on one port for each VLAN.
Windows authentication is not supported via NetLogin.
To support NetLogin on all user virtual routers (VRs) in policy mode, remove any associated VRs from the port before enabling NetLogin (see configure vr delete ports). This is applicable for uplink ports and ISC ports. This must be done prior to authentication so that once the client gets authenticated the ports can move across different VLANs of various VRs.
The following command configures NetLogin on port 2:9 using web-based authentication:
enable netlogin ports 2:9 web-based
This command was first available in ExtremeXOS 11.1.
This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X620, X690, X870 series switches.