RADIUS support for DHCP snooping and ARP validation allows users transitioning from Ethernet Routing Switch to ExtremeXOS at Edge with Fabric Attach using RADIUS to dynamically configure port security through RADIUS VSA Attributes. ExtremeXOS can provision items via RADIUS VSA Attributes currently supported with ERS switching. Dynamic configuration can be applied to the following VLAN settings:
The RADIUS user configuration attributes for VLAN settings can specify a single VLAN or a range of VLANs for each setting request. The RADIUS user configuration attributes, which request the settings, include:
This FA-Service-Request attribute contains a DHCP Snoop and ARP Validation enable status for VLAN. When a new user is authenticated by netlogin, the new attributes of the DHCP Snoop and ARP Validation enable is given to netlogin. Netlogin will process and send the attribute message to the IP Security module as "enable." If all users are unauthenticated by netlogin, a disable message for the VLAN will be sent to IP Security. RADIUS configuration is applicable for both static and dynamic VLANs.
Whenever a DHCP Snooping or ARP Validation configuration is received from RADIUS, IP Security will enable the feature on all the ports in VLAN with the violation action "Drop-packet."
ExtremeSwitching X450-G2, X460-G2, X670-G2, X440-G2, X465, X590, X620, X690, X695, X870, 5420, 5520 series switches.