XNV and MLAG
Starting with ExtremeXOS 15.7 as part of Extreme Management Center NAC
integration, as long as MLAG (Multi-switch Link Aggregation Group) peers have ISC connectivity, only one
of the MLAG peers authenticates a VM that is learned on an MLAG port.
- When ISC connectivity between the MLAG peers is established, the peer
with the highest IP address is chosen to be the authenticator. This peer will authenticate a VM
based on the chosen authentication method.
- The result of the authentication is checkpointed by the authenticator to its peer so that the
same VPP gets applied to the VM on both peers.
- When the MLAG peer that is the authenticator goes down, the other peer detects that the
authenticator is down and re-authenticates the VM at the next authentication interval. Note that
the peer that takes over as the authenticator does not re-authenticate the VMs immediately but
waits for the re-authentication timer to expire.
- VMs learned on non-MLAG ports are authenticated by the detecting peer.
- All authentication-related configurations like RADIUS (Remote Authentication Dial In User Service) address, repository for VMMAP, local DB, etc. must be identical on both
peers. This is an existing requirement and there is no change to this requirement.
Print
this page
Email this topic
Feedback
View PDF
Download EPUB