Brocade FastIron Ethernet Switch Stacking Configuration Guide User Manual

Hitless-supported services and protocols
(Continued)

TABLE 18

Traffic type

Supported protocols
and services

Impact

Security

•

802.1X, including
use with VLANs

•

EAP with RADIUS

•

IPv4 ACLs

•

DHCP snooping

•

Dynamic ARP
inspection

•

IP source guard

•

Multi-device port
authentication
(MDPA), including
use with dynamic
VLANs

•

MAC port security

Supported security
protocols and services are
not impacted during a
switchover or failover, with
the following exceptions:

•

802.1X is impacted if
re-authentication
does not occur in a
specific time window.

•

MDPA is impacted if
re-authentication
does not occur in a
variable-length time
window.

•

In some cases, a few
IP source guard
packets may be
permitted or dropped.

•

If 802.1X and MDPA
are enabled together
on the same port,
both will be impacted
during a switchover
or failover. Hitless
support for these
features applies to
ports with 802.1X
only or multi-device
port authentication
only.

•

For MAC port
security, secure
MACs are
synchronized
between the active
and standby
controllers, so they
are hitless. However,
denied MACs are lost
during a switchover
or failover but may be
relearned if traffic is
present.

Configured ACLs will
operate in a hitless
manner, meaning the
system will continue to
permit and deny traffic
during the switchover or
failover process. However,
dynamic ACLs are not
supported for hitless
switchover and failover.

After a switchover or
failover, the new active

Traditional Stacking

100

FastIron Ethernet Switch Stacking Configuration Guide

53-1003090-02