How can I limit the maximum number of users authenticated on a native netlogin port?
‎10-18-2016 04:09 AM
I have several X440 (G1) switches with recent EXOS 16.1.3.6 firmware. There is NO OnePolicy framework available because of the G1 hardware.
I want to limit the maximum number of users (802.1x or MAC) to 8 per port. How can I do that?
I know only the method via the OnePolicy framework.
My first idea is to limit MAC learning via maclock first-arrival. Is it possible to get a message via a trap? And does that work well with the netlogin process?
‎10-18-2016 07:04 AM
That means when a MAC address ages out of the FDB, it frees up entries.
‎10-18-2016 06:59 AM
Hi Oscar,
OK, let me try it in my lab.
Limiting the number of users per port is NOT possible via NAC (RADIUS). On my wishlist is a feature so that 802.1x users or system accounts can be used only one time, but this feature is currently NOT available. I hope it comes in future versions.
One important aspect comes from my co-worker:
(because the edge port never goes down with some desktop switches)
configure mac-locking ports port_list first-arrival aging enable
When enabled, first-arrival MAC addresses that are aged out of the forwarding database are removed from the associated port MAC lock. New MAC addresses can be learned until the configured first-arrival limit is reached.
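A simplified model of the behaviour described in the reply above, added here as an illustration; it is not EXOS code or vendor output. It compares a first-arrival lock with a limit of 8, on a port that never goes link-down, with and without aging. The class name, the 300-second FDB age and the MAC addresses are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class PortMacLock:
    """Toy model of a first-arrival MAC lock on one port (assumption, not EXOS)."""
    limit: int = 8          # per-port limit; 8 is the figure from the question
    aging: bool = False     # models "first-arrival aging enable"
    fdb_age: int = 300      # assumed FDB aging time in seconds (constructed)
    locked: dict = field(default_factory=dict)      # MAC -> last time seen
    violations: list = field(default_factory=list)  # rejected (time, MAC) pairs

    def expire(self, now):
        # With aging on, MACs that aged out of the FDB leave the lock table.
        if self.aging:
            self.locked = {m: t for m, t in self.locked.items()
                           if now - t < self.fdb_age}

    def frame(self, mac, now):
        """Return True if a frame from `mac` is admitted at time `now`."""
        self.expire(now)
        if mac in self.locked or len(self.locked) < self.limit:
            self.locked[mac] = now      # learn the MAC or refresh its timer
            return True
        self.violations.append((now, mac))  # limit reached: event worth reporting
        return False


def simulate(aging):
    """Eight stations talk at t=0 and go silent; a ninth tries at t=10 and t=1000."""
    port = PortMacLock(aging=aging)
    # Constructed sample MACs from the documentation range 00:00:5e:00:53:xx.
    for i in range(8):
        port.frame(f"00:00:5e:00:53:{i:02x}", now=0)
    ninth = "00:00:5e:00:53:ff"
    early = port.frame(ninth, now=10)    # limit of 8 already reached
    late = port.frame(ninth, now=1000)   # the first eight are long idle
    return early, late, len(port.locked), len(port.violations)


if __name__ == "__main__":
    print("aging off:", simulate(False))
    print("aging on: ", simulate(True))
```

Without aging, the eight idle addresses hold their slots indefinitely because the link never drops; with aging, the slots are released once the addresses leave the FDB.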
‎10-18-2016 06:53 AM
Yes, see the command reference section.
http://documentation.extremenetworks.com/exos_commands_16/EXOS_16_2/EXOS_Commands_All/r_configure-ma...
I don't see problems using it together with netlogin, but you could probably also limit the number of users per port in NAC, although I don't know how.
‎10-18-2016 06:42 AM
Hi Oscar,
Can you tell me if a trap is possible when the limit is reached?
Are there any negative effects if I want to use netlogin for 802.1x and MAC on that port?
Regards,
Matthias
