We had a bit of an oddity on an Extreme Networks SwitchEngine (XOS) switch running: 32.7.1.9
patch1-26, devices connecting to a specific VLAN that should be authenticated by Netlogin (NAC) via radius were failing giving the error below.
02/17/2025 07:59:07.17 <Noti:nl.ClientAuthFailure> Authentication failed for Network Login MAC user 00C0B7B81027 Mac 00:C0:C7:27:10:AA port 43
02/17/2025 07:59:07.17 <Warn:nl.InvalidVlanTagVSA> VLAN Tag 3886 specified in Radius VSA does not exist on the switch or cannot be created. Please ve rify RADIUS configurationChecking the switch, the VLAN very much existed, so it was a mystery why it said it wasn’t.
It turned out that the VLAN had a loopback interface enabled on it during a network migration, although there was no IP on the VLAN, the loopback interface was still enabled and this seemed to be causing the VLAN to be invisible to netlogon for some reason.
Disabling the loopback interface on the VLAN resolved the issue.
disable loopback-mode vlan <VLAN_NAME>