Support for Attaching and Detaching the UPM profile

When the user or device gets authenticated the netlogin process will check for the protocol precedence configured by the user in this port and apply or remove the action accordingly. From the previous example when the user “john” tries to authenticate using Dot1x the ExtremeXOS switch or authenticator will authenticate the MAC using MAC based authentication and apply the action corresponding to the MAC based authentication protocol which includes applying UPM profile, creating VLAN (if netlogin dynamic VLAN is enabled on this port), VLAN movement etc.; when the user “john” then gets authenticated through Dot1x the ExtremeXOS switch or authenticator determines that Dot1x is the highest precedence protocol configured by the user in this port and removes the actions of MAC based authentication protocol and applies the Dot1x authentication protocol action that includes applying UPM profile, creating VLAN (if netlogin dynamic VLAN is enabled on this port), VLAN movement etc.; the MAC based authenticated client details still remains and continues to get reauthenticated for the configured time.

The netlogin process does the following when the user or MAC is being unauthenticated:
  1. Sends accounting stop message to RADIUS through AAA.
  2. Logs unauthentication EMS message for this client for this authentication protocol.
  3. Sends “extremeNetloginUserLogout” SNMP trap message for this authentication protocol.
  4. Informs IDM about unauthentication of this client for this authentication protocol.
  5. Informs UPM about the client‘s unauthentication for this protocol.

After performing the above actions, the netlogin process applies the highest precedence authentication protocol action configured for this port.