configure netlogin dynamic-vlan
Configures the switch to automatically and dynamically create a VLAN after receiving authentication requests from one or more supplicants (clients).
|disable||Specifies that the switch does not automatically create dynamic VLANs. This is the default behavior.|
|enable||Specifies that the switch automatically creates dynamic VLANs.|
The default is disabled.
Use this command to configure the switch to dynamically create a VLAN. If configured for dynamic VLAN creation, the switch automatically creates a supplicant VLAN that contains both the supplicant's physical port and one or more uplink ports.
A dynamically created VLAN is only a Layer 2 bridging mechanism; this VLAN does not work with routing protocols to forward traffic. After the switch unauthenticates all of the supplicants from the dynamically created VLAN, the switch deletes that VLAN.
Note: Dynamically created VLANs do not support the session refresh feature of web-based network login because dynamically created VLANs do not have an IP address. Also, dynamic VLANs are not supported on ports when STP and network login are both configured on the ports.
By dynamically creating and deleting VLANs, you minimize the number of active VLANs configured on your edge switches. In addition, the RADIUS server forwards VSA information to dynamically create the VLAN, thereby simplifying switch management. A key difference between dynamically created VLANs and other VLANs is that the switch does not save dynamically created VLANs. Even if you use the save command, the switch does not save a dynamically created VLAN.
Supported Vendor Specific Attributes
- Extreme: Netlogin-VLAN-ID (VSA 209).
- IETF: Tunnel-Private-Group-ID (VSA 81).
- Extreme: Netlogin-Extended-VLAN (VSA 211).
Note: If the ASCII string only contains numbers, it is interpreted as the VLAN ID. Dynamic VLANs only support numerical VLAN IDs; VLAN names are not supported.
The switch automatically generates the VLAN name in the following format: SYS_NLD_TAG, where TAG specifies the VLAN ID. For example, a dynamic network login VLAN with an ID of 10 has the name SYS_NLD_0010.
Specifying the Uplink Ports
To specify one or more ports as tagged uplink ports that are added to the dynamically created VLAN, use the following command: configure netlogin dynamic-vlan uplink-ports
The uplink ports carry traffic between the supplicants and the core of the network.
By default the setting is none. For more information about this command, see the usage guidelines for configure netlogin dynamic-vlan uplink-ports.
Viewing Status Information
To display summary information about all of the VLANs on the switch, including any dynamic VLANs currently operating on the switch, use the following command: show vlan
If the switch dynamically creates a VLAN, the VLAN name begins with SYS_NLD_ and the output contains a d flag for the dynamically created VLAN.
To display the status of dynamic VLAN configuration on the switch, use the following command: show netlogin
The switch displays the current state of dynamic VLAN creation (enabled or disabled) and the uplink port(s) associated with the dynamic VLAN.
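Because the switch names every dynamic VLAN SYS_NLD_TAG and marks it with the d flag, the VLAN names seen on an edge switch can be checked against the VLAN IDs your RADIUS policy is meant to hand out. The following Python sketch is an added example, not Extreme's code: it applies the numeric-only rule from the note above, derives the expected names, and reports dynamic VLANs that no policy entry explains. The function names, the sample data, the 1-4094 bound (the 802.1Q range) and the four-digit zero padding (inferred from the SYS_NLD_0010 example) are assumptions.

```python
import re

# Name format from the page: SYS_NLD_TAG, e.g. ID 10 -> SYS_NLD_0010.
# Four-digit zero padding is inferred from that single example.
DYN_NAME = re.compile(r"^SYS_NLD_(\d{4})$")

def vlan_id_from_attribute(value):
    """Return the VLAN ID carried by a RADIUS attribute string, or None.

    Per the page, only all-numeric strings are usable for dynamic VLANs.
    The 1-4094 bound is the 802.1Q range (assumption; the page does not
    state the switch's own limits).
    """
    text = value.strip()
    if not (text.isascii() and text.isdigit()):
        return None
    vid = int(text)
    return vid if 1 <= vid <= 4094 else None

def dynamic_vlan_name(vid):
    """Name the switch is expected to generate for a dynamic VLAN ID."""
    return f"SYS_NLD_{vid:04d}"

def audit(radius_values, observed_names):
    """Compare what RADIUS may assign with VLAN names seen on the switch."""
    allowed, rejected = set(), []
    for value in radius_values:
        vid = vlan_id_from_attribute(value)
        if vid is None:
            rejected.append(value)      # a VLAN name or out-of-range ID
        else:
            allowed.add(vid)
    unexpected = []
    for name in observed_names:
        match = DYN_NAME.match(name)
        if match and int(match.group(1)) not in allowed:
            unexpected.append(name)     # dynamic VLAN with no policy entry
    return {"expected_names": sorted(dynamic_vlan_name(v) for v in allowed),
            "rejected_values": rejected,
            "unexpected_dynamic_vlans": unexpected}

# Constructed sample data (not output captured from a switch).
RADIUS_VALUES = ["10", "0200", "guest", "4095"]
OBSERVED = ["Default", "Mgmt", "SYS_NLD_0010", "SYS_NLD_0666"]

if __name__ == "__main__":
    for key, val in audit(RADIUS_VALUES, OBSERVED).items():
        print(f"{key}: {val}")
```

Because dynamic VLANs are never saved, a check like this has to be fed names collected from the running switch rather than from a saved configuration.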
The following example automatically adds ports 1:1-1:2 to the dynamically created VLAN as uplink ports:
configure netlogin dynamic-vlan uplink-ports 1:1-1:2
This command was first available in ExtremeXOS 11.6.
This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.