Exclusions and Limitations

The following are limitations and exclusions for network login:

  • When using NetLogin MAC-based VLAN (Virtual LAN) mode, moving a port as untagged from a pre-authentication VLAN to a post-authentication VLAN is not supported when both VLANs are configured with Protocol Filter IP.
  • All unauthenticated MACs will be seeing broadcasts and multicasts sent to the port if even a single MAC is authenticated on that port.

  • Network login must be disabled on a port before that port can be deleted from a VLAN.

  • In Campus mode on all switches with untagged VLANs and the network login ports' mode configured as port-based-VLAN, after the port moves to the destination VLAN, the original VLAN for that port is not displayed.

  • A network login VLAN port should not be a part of following protocols:
  • Network login and STP (Spanning Tree Protocol) operate on the same port as follows:
    • At least one VLAN on the intended port should be configured both for network login and STP.

    • When STP blocks a port, network login does not process authentication requests and BPDUs are the only traffic in and out of the port. All user data forwarding stops.

    • When STP places a port in forwarding state, network login operates and BPDUs and user data flow in and out of the port. The forwarding state is the only STP state that allows network login and user data forwarding.

    • If a network login client is authenticated in ISP mode and STP blocks one of the authenticated VLANS on a given port, the client is unauthenticated only from the port or VLAN which is blocked.

    • All clients that are going through authentication and are learned on a blocked port or VLAN are cleared.

    Note

    Note

    When STP with edge-safeguard and network login feature is enabled on the same port, the port goes into the disabled state after detecting a loop in the network. NetLogin campus mode and STP can be configured together on a port with the autobind feature.