Configures the network login port‘s mode of operation.
all | Specifies all netlogin ports. |
port_list | Specifies one or more network login ports. |
mac-based-vlans | Allows more than one untagged VLAN (Virtual LAN). |
port-based-vlans | Allows only one untagged VLAN. This is the default behavior. |
The default setting is port-based-vlans.
Use this command to configure network login MAC-based VLANs on a network login port.
If you modify the mode of operation to mac-based-vlans and later disable all network login protocols on that port, the mode of operation automatically returns to port-based-vlans.
When you change the network login port‘s mode of operation, the switch deletes all currently known supplicants from the port and restores all VLANs associated with that port to their original state. In addition, by selecting mac-based-vlans, you are unable to manually add or delete untagged VLANs from this port. Network login now controls these VLANs.
With network login MAC-based operation, every authenticated client has an additional FDB (forwarding database) flag that indicates a translation MAC address. If the supplicant‘s requested VLAN does not exist on the port, the switch adds the requested VLAN.
Configuration of port-based-vlans is lost if ONEPolicy is enabled.
This section summarizes the rules and restrictions for configuring network login MAC-based VLANs:
ERROR: The following ports do not have NetLogin enabled; 1
To enable network login on the switch, use the following command to enable network login and to specify an authentication method (for example, 802.1X—identified as dot1.x in the CLI):
enable netlogin dot1x
To enable network login on the ports, use the following command to enable network login and to specify an authentication method (for example, 802.1X—identified as dot1.x in the CLI):
enable netlogin ports 1:1 dot1x
If you attempt to configure network login MAC-based VLANs on 10 Gigabit Ethernet ports, the switch displays an error message similar to the following:
ERROR: The following ports do not support the MAC-Based VLAN mode; 1, 2, 10
To view network login-related FDB entries, use the following command:
show fdb netlogin [all | mac-based-vlans]
The following is sample output from the show fdb netlogin mac-based-vlans command:
Mac Vlan Age Use Flags Port List ------------------------------------------------------------------------ 00:04:96:10:51:80 VLONE(0021) 0086 0000 n m v 1:11 00:04:96:10:51:81 VLTWO(0051) 0100 0000 n m v 1:11 00:04:96:10:51:91 VLTWO(0051) 0100 0000 n m v 1:11 Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP, x - IPX, l - lockdown MAC, M - Mirror, B - Egress Blackhole, b - Ingress Blackhole, v - NetLogin MAC-Based VLAN.
The flags associated with network login include:
To view information about the VLANs that are temporarily added in MAC-based mode for network login, use the following command:
show ports port_list information detailThe following is sample output from this command:
Port: 1 Virtual-router: VR-Default Type: UTP Random Early drop: Disabled Admin state: Enabled with auto-speed sensing auto-duplex Link State: Active, 100Mbps, full-duplex Link Counter: Up 1 time(s) VLAN cfg: Name: Default, Internal Tag = 1(MAC-Based), MAC-limit = No-limit ...<truncated output> Egress 802.1p Replacement: Disabled NetLogin: Enabled NetLogin authentication mode: Mac based NetLogin port mode: MAC based VLANs Smart redundancy: Enabled Software redundant port: Disabled auto-polarity: Enabled
The added output displays information about the mode of operation for the network login port.
To view information about the ports that are temporarily added in MAC-based mode for network login, due to discovered MAC addresses, use the following command:
show vlan detail
The following is sample output from this command:
VLAN Interface with name Default created by user Tagging: 802.1Q Tag 1 Priority: 802.1P Priority 0 Virtual router: VR-Default STPD: s0(Disabled,Auto-bind) Protocol: Match all unfiltered protocols Loopback: Disable NetLogin: Disabled Rate Shape: Disabled QosProfile: None configured Ports: 26. (Number of active ports=2) Untag: *1um, *2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26 Flags: (*) Active, (!) Disabled, (g) Load Sharing port (b) Port blocked on the vlan, (a) Authenticated NetLogin Port (u) Unauthenticated NetLogin port, (m) Mac-Based port
The flags associated with network login include:
The following command configures the network login ports mode of operation:
configure netlogin ports 1:1-1:10 mode mac-based-vlans
This command was first available in ExtremeXOS 11.3.
This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X620, X690, X870 series switches.