
Multi Devices Authentication

Mrxlazuardin
New Contributor III
Hi,

Do Summit and/or BlackDiamond support multi-device authentication on a single port? I mean that authentication status and policy will be applied exclusively per device, so one device may be authenticated while the others may not be, even though they are connected to the same port. I found that behavior on a Brocade (Foundry) device, which uses MAC address based authentication, but I'm not sure Extreme net login has the same behavior.

Best regards,
12 REPLIES

Hi Daniel,

Where can I find the official documentation of the 1024 MAC addresses per switch limitation? As far as I know from the datasheet, BlackDiamond supports at least 8K MAC addresses in the FDB per interface module and Summit X440 supports 16K.

Best regards,

Mrxlazuardin
New Contributor III
Hi Daniel,

Are there any limitations we should be concerned about when implementing this feature (e.g. maximum MACs per port/VLAN)?

Best regards,

dflouret
Extreme Employee
Mrxlazuardin,

In Network login, a supplicant gets identified as being learned on a specific VLAN and Port combination (we call this a virtual port). Each virtual port can hold one or more supplicants, each one of which has its own state.

With network login MAC-based operation, every authenticated client has an additional FDB flag that indicates a translation MAC address. To view network login-related FDB entries, use the following command:

show fdb netlogin [all | mac-based-vlans]

The following is sample output from the show fdb netlogin mac-based-vlans command:

Mac                 Vlan          Age   Use   Flags   Port List
------------------------------------------------------------------------
00:04:96:10:51:80   VLONE(0021)   0086  0000  n m v   1:11
00:04:96:10:51:81   VLTWO(0051)   0100  0000  n m v   1:11
00:04:96:10:51:91   VLTWO(0051)   0100  0000  n m v   1:11
Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC,
        i - IP, x - IPX, l - lockdown MAC, M - Mirror, B - Egress Blackhole,
        b - Ingress Blackhole, v - NetLogin MAC-Based VLAN.

The flags associated with network login include:
• v—Indicates the FDB entry was added because the port is part of a MAC-based virtual port/VLAN combination.
• n—Indicates the FDB entry was added by network login.
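
An added example, not part of the post above or of Extreme's documentation: a Python parser for the quoted sample output that groups NetLogin FDB entries by port and VLAN (the "virtual port") so each supplicant on a shared port can be listed individually. It assumes the column layout shown in the sample and one port per row; all function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample rows copied from the output quoted above (flag legend shortened).
SAMPLE = """\
Mac Vlan Age Use Flags Port List
------------------------------------------------------------------------
00:04:96:10:51:80 VLONE(0021) 0086 0000 n m v 1:11
00:04:96:10:51:81 VLTWO(0051) 0100 0000 n m v 1:11
00:04:96:10:51:91 VLTWO(0051) 0100 0000 n m v 1:11
Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC,
"""

# Assumption: one port per row, written "slot:port" (1:11) or as a bare number.
ROW = re.compile(
    r"^(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+"
    r"(?P<vlan>\S+)\((?P<vid>\d+)\)\s+(?P<age>\d+)\s+(?P<use>\d+)\s+"
    r"(?P<flags>(?:[A-Za-z]\s+)+)(?P<port>\d+(?::\d+)?)\s*$"
)

def parse_netlogin_fdb(text):
    """Return one dict per FDB row that carries the NetLogin 'n' flag."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, separator or flag legend
        flags = set(m["flags"].split())
        if "n" not in flags:
            continue  # not added by network login
        entries.append({"mac": m["mac"].lower(), "vlan": m["vlan"],
                        "vid": int(m["vid"]), "port": m["port"],
                        "mac_based_vlan": "v" in flags})
    return entries

def virtual_ports(entries):
    """Group supplicant MACs by (port, VLAN), i.e. by virtual port."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["port"], e["vlan"])].append(e["mac"])
    return dict(groups)

def ports_with_multiple_vlans(entries):
    """Ports whose NetLogin MACs were placed in more than one VLAN."""
    vlans = defaultdict(set)
    for e in entries:
        vlans[e["port"]].add(e["vlan"])
    return {p: sorted(v) for p, v in vlans.items() if len(v) > 1}
```
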

Mrxlazuardin
New Contributor III
Hi Daniel,

I'm confused by your and Bill's statements when comparing them with the following statement from Multiple Supplicant Support in the ExtremeXOS 15.7 User Guide (page 798).

"A port's authentication state is the logical “OR” of the individual MAC's authentication states. In other words, a port is authenticated if any of its connected clients is authenticated."

Can you explain more about the difference?

Best regards,

dflouret
Extreme Employee
Mrxlazuardin,

If you have multiple supplicants in a port that use untagged traffic, you have to enable MAC-Based VLANs in that port (see EXOS User Guide, page 831).

In that case, each individual MAC is assigned to a VLAN when authenticated in the port. Traffic from unauthenticated MACs is not forwarded.