NetLogin over Link Aggregation Groups (LAGs)

ExtremeXOS 22.2 provides support for NetLogin over Link Aggregation Groups (LAGs).

When NetLogin is enabled on a sharing group, user credentials for the LAG are forwarded to an AAA server for authentication. Once authenticated, the LAG is moved to the VLAN configured as the destination VLAN for NetLogin, and the learned MAC address is installed over the LAG in the Forwarding Data Base (FDB) on the NetLogin‘s destination VLAN.

All NetLogin configurations should be done on the LAG master port.

For MAC-based authentication, when NetLogin is enabled on a sharing group, software-based learning is enabled for each member port of the sharing group. Similarly, when member ports are removed from the sharing group, software-based learning is disabled on that member port.

Note

• When a LAG is removed, all the NetLogin configurations related to that LAG are removed. Before deleting a sharing group, disable NetLogin on the LAG port.
• The master port cannot be removed from the LAG.
• The maximum number of authenticated users per LAG group is 1,024.
• If OnePolicy is enabled, NetLogin global protocol configurations and NetLogin VLAN configurations are lost, and then the LAG port is authenticated using OnePolicy by enabling NetLogin protocols globally.