
Mac-based vlan and port up or down events, Dynamic mac-based vlan, Dynamic mac-based vlan cli commands – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 229: Based vlan


NOTE
Even though the feature supports up to a maximum of 32 MAC addresses per physical port, the
configuration of the maximum number of MAC addresses per port is limited by the available hardware
resources.

Once a client MAC address is successfully authenticated and registered, the MAC-to-VLAN association
remains until the port connection is dropped, or the MAC entry expires.

MAC-based VLAN and port up or down events

When the state of a port changes to down, all authorized and unauthorized MAC addresses are
removed from the MAC-to-VLAN mapping table, and any pending authentication requests are cancelled.

Dynamic MAC-based VLAN

When enabled, the dynamic MAC-based VLAN feature allows the dynamic addition of mac-vlan-permit
ports to the VLAN table only after successful RADIUS authentication. Ports that fail RADIUS
authentication are not added to the VLAN table.

When this feature is not enabled, the physical port is statically added to the hardware table, regardless
of the outcome of the authentication process. Enabling dynamic MAC-based VLAN prevents the addition
of unauthenticated ports to the VLAN table. For information about how to configure Dynamic MAC-based
VLAN, refer to Configuring dynamic MAC-based VLAN on page 236.

Configuration notes and feature limitations for dynamic MAC-based VLAN

The following guidelines apply to MAC-based VLAN configurations:

• MAC-based VLAN is not currently supported for trunk ports and LACP.
• MAC-based VLAN is not supported for VLAN groups, topology groups and dual-mode configuration.
• MAC-based VLAN is not supported together with ACLs or MAC address filters.
• FastIron devices do not support UDLD link-keepalives on ports with MAC-based VLAN enabled.
• FastIron devices do not support STP BPDU packets on ports with MAC-based VLAN enabled.
• MAC-to-VLAN mapping must be associated with VLANs that exist on the switch. Create the VLANs before you configure the MAC-based VLAN feature.
• Ports participating in MAC-based VLANs must first be configured as mac-vlan-permit ports under the VLAN configuration.
• In the RADIUS server configuration file, a MAC address cannot be configured to associate with more than one VLAN.
• This feature does not currently support dynamic assignment of a port to a VLAN. Users must pre-configure VLANs and port membership before enabling the feature.

• Multi-device port authentication filters will not work with MAC-based VLANs on the same port.
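
Several of the guidelines above can be checked before the feature is enabled. The following Python sketch is an added example, not taken from the Brocade guide: the (MAC, VLAN, port) row layout, the port names and the function names are assumptions, the sample data is constructed, and it does not parse any real RADIUS file format.

```python
import re
from collections import defaultdict

MAX_MACS_PER_PORT = 32  # upper bound stated in the guide; hardware may allow fewer

def normalize_mac(mac):
    """Reduce common MAC notations (aa:bb.., aabb.ccdd.., AA-BB..) to 12 hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def check_plan(mappings, switch_vlans, permit_ports):
    """mappings: planned (mac, vlan_id, port) rows.
    switch_vlans: VLAN IDs already created on the switch.
    permit_ports: {vlan_id: ports configured as mac-vlan-permit in that VLAN}."""
    findings = set()
    vlans_by_mac = defaultdict(set)
    macs_by_port = defaultdict(set)
    for mac, vlan, port in mappings:
        mac = normalize_mac(mac)
        vlans_by_mac[mac].add(vlan)
        macs_by_port[port].add(mac)
        if vlan not in switch_vlans:
            findings.add(("vlan-missing", mac, vlan))
        elif port not in permit_ports.get(vlan, set()):
            findings.add(("port-not-permit", port, vlan))
    for mac, vlans in vlans_by_mac.items():
        if len(vlans) > 1:  # one MAC may map to only one VLAN
            findings.add(("mac-multi-vlan", mac, tuple(sorted(vlans))))
    for port, macs in macs_by_port.items():
        if len(macs) > MAX_MACS_PER_PORT:
            findings.add(("port-over-limit", port, len(macs)))
    return sorted(findings, key=str)

# Constructed sample plan (not from the guide).
SAMPLE = [
    ("00:11:22:aa:bb:01", 10, "1/1/1"),
    ("0011.22aa.bb01", 20, "1/1/1"),     # same MAC as above, other notation
    ("00-11-22-AA-BB-02", 30, "1/1/2"),  # VLAN 30 has not been created
    ("00:11:22:aa:bb:03", 10, "1/1/3"),  # 1/1/3 is not mac-vlan-permit in VLAN 10
]
SWITCH_VLANS = {10, 20}
PERMIT_PORTS = {10: {"1/1/1"}, 20: {"1/1/1"}}

if __name__ == "__main__":
    for finding in check_plan(SAMPLE, SWITCH_VLANS, PERMIT_PORTS):
        print(finding)
```

Normalizing the address first matters because the same MAC written in two notations would otherwise pass the one-VLAN-per-MAC check.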

Dynamic MAC-based VLAN CLI commands

The following table describes the CLI commands used to configure MAC-based VLANs.


FastIron Ethernet Switch Security Configuration Guide


53-1003088-03