Header Only - DO NOT REMOVE - Extreme Networks

How can i limit maximum number of users authenticated on a native netlogin port ?

  • 18 October 2016
  • 5 replies

Userlevel 6
i have several X440 (G1) Switches with recent EXOS Firmware. There is NO OnePolicy Framework available because of G1 Hardware.

i want to limit maximum user (802.1x or MAC) to 8 per Port. How can i do that ?

I knew only the method via OnePolicy Framework.

First idea is limit mac learning via maclock first-arrival ? Is it possible to get a message via Trap ? But is that working good with netlogin process ?

5 replies

Userlevel 6
You can configure a limit of mac-addresses per port.
configure mac-locking ports port_list first-arrival limit-learning learn_limit
Userlevel 6
Hi Oscar,

can you tell me if there is a trap possible if the limit is reached ?
Are there a some negative effects if i want using netlogin for 802.1x and mac on that port ?

Userlevel 6
Yes, see the command reference section.

I dont see problems using it together with netlogin but probably you could also limit the number of users per port in NAC although I dont know how.

Userlevel 6
Hi Oscar,

ok let try in my lab.

Limiting the number of users per port is NOT possible via NAC (RADIUS). On my wishlist is a feature that 802.1x users or system accounts can be used only one time - but this feature is currently NOT available - i hope in future versions.

On important aspect is coming from my co-worker:
(because edge port is never going down regarding some desktop switches)
configure mac-locking ports port_list first-arrival aging enable

When enabled, first-arrival MAC addresses that are aged out of the forwarding database are removed from the associated port MAC lock. New MAC addresses can be learned until the configured first-arrival limit is reached.

Userlevel 6
That means when a mac address ages out of the fdb it frees up entries.