beautypg.com

Mac-based vlans, Mac-based vlan overview, Static and dynamic hosts – Brocade Communications Systems Brocade ICX 6650 6650 User Manual

Page 231: Chapter 8, Chapter

background image

Brocade ICX 6650 Security Configuration Guide

211

53-1002601-01

Chapter

8

MAC-based VLANs

Table 44

lists the MAC-based VLAN features that are supported on Brocade ICX 6650 device.

These features are supported in the Layer 2, base Layer 3, edge Layer 3, and full Layer 3 software
images, except where explicitly noted.

MAC-based VLAN overview

The MAC-based VLAN feature controls network access by authenticating a host source MAC
address, and mapping the incoming packet source MAC to a VLAN. Mapping is based on the MAC
address of the end station connected to the physical port. Users who relocate can remain on the
same VLAN as long as they connect to any switch in the same domain, on a port which is permitted
in the VLAN. The MAC-based VLAN feature may be enabled for two types of hosts: static and
dynamic.

MAC-based VLAN activity is determined by authentication through a RADIUS server. Incoming traffic
that originates from a specific MAC address is forwarded only if the source MAC address-to-VLAN
mapping is successfully authenticated. While multi-device port authentication is in progress, all
traffic from the new MAC address will be blocked or dropped until the authentication succeeds.
Traffic is dropped if the authentication fails.

Static and dynamic hosts

Static hosts are devices on the network that do not speak until spoken to. Static hosts may not
initiate a request for authentication on their own. Such static hosts can be managed through a link
up or link down notification.

Dynamic hosts are “chatty” devices that generate packets whenever they are in the link up state.
Dynamic hosts must be authenticated before they can switch or forward traffic.

TABLE 44

Supported MAC-based VLAN features

Feature

Brocade ICX 6650

MAC-Based VLANs:

Source MAC address authentication

Policy-based classification and
forwarding

Yes

MAC-based VLANs and 802.1X security on
the same port

Yes

MAC-based VLAN aging

Yes

Dynamic MAC-Based VLANs

Yes

See also other documents in the category Brocade Communications Systems Computer Accessories: