configure netlogin ports mode

configure netlogin ports [all | port_list] mode [mac-based-vlans | port-based-vlans]

Description

Configures the network login port's mode of operation.

Syntax Description

all                 Specifies all netlogin ports.
port_list           Specifies one or more network login ports.
mac-based-vlans     Allows more than one untagged VLAN.
port-based-vlans    Allows only one untagged VLAN. This is the default behavior.

Default

The default setting is port-based-vlans.

Usage Guidelines

Use this command to configure network login MAC-based VLANs on a network login port.

If you modify the mode of operation to mac-based-vlans and later disable all network login protocols on that port, the mode of operation automatically returns to port-based-vlans.

When you change the network login port's mode of operation, the switch deletes all currently known supplicants from the port and restores all VLANs associated with that port to their original state. In addition, after you select mac-based-vlans, you cannot manually add or delete untagged VLANs on this port, because network login now controls these VLANs.

With network login MAC-based operation, every authenticated client has an additional FDB flag that indicates a translation MAC address. If the supplicant's requested VLAN does not exist on the port, the switch adds the requested VLAN.

Configuration of port-based-vlans is lost if ONEPolicy is enabled.

Important Rules and Restrictions

This section summarizes the rules and restrictions for configuring network login MAC-based VLANs:

Displaying FDB Information

To view network login-related FDB entries, use the following command:

show fdb netlogin [all | mac-based-vlans]

The following is sample output from the show fdb netlogin mac-based-vlans command:

Mac                    Vlan          Age     Use    Flags      Port List
------------------------------------------------------------------------
00:04:96:10:51:80      VLONE(0021)   0086    0000   n m      v 1:11
00:04:96:10:51:81      VLTWO(0051)   0100    0000   n m      v 1:11
00:04:96:10:51:91      VLTWO(0051)   0100    0000   n m      v 1:11
Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,
x - IPX, l - lockdown MAC, M - Mirror, B - Egress Blackhole,
b - Ingress Blackhole, v - NetLogin MAC-Based VLAN.
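
The following added example (not part of the original command reference and not Extreme's own tooling) parses saved show fdb netlogin output in the format shown above and reports, per port, the VLANs used by NetLogin entries and any NetLogin MAC addresses that lack the v flag. It assumes flags are single letters and that everything after them is the port list; the 1:12 row in the sample is constructed.

```python
import re
from collections import defaultdict

# Constructed sample: the page's rows plus one constructed row (1:12) without 'v'.
SAMPLE = """\
Mac                    Vlan          Age     Use    Flags      Port List
------------------------------------------------------------------------
00:04:96:10:51:80      VLONE(0021)   0086    0000   n m      v 1:11
00:04:96:10:51:81      VLTWO(0051)   0100    0000   n m      v 1:11
00:04:96:10:51:91      VLTWO(0051)   0100    0000   n m      v 1:11
00:04:96:10:51:a0      VLONE(0021)   0012    0000   n m        1:12
Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,
"""

ROW = re.compile(
    r"^(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+"
    r"(?P<vlan>\S+)\((?P<tag>\d+)\)\s+(?P<age>\d+)\s+(?P<use>\d+)\s+(?P<rest>.+)$"
)

def parse_fdb(text):
    """Return one dict per FDB row; header, rule and legend lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        tokens = m.group("rest").replace(",", " ").split()
        # Single letters are flags; everything else is a port (assumed layout).
        flags = {t for t in tokens if len(t) == 1 and t.isalpha()}
        ports = [t for t in tokens if t not in flags]
        entries.append({"mac": m.group("mac").lower(), "vlan": m.group("vlan"),
                        "tag": m.group("tag"), "flags": flags, "ports": ports})
    return entries

def audit(entries):
    """Group NetLogin entries per port: VLANs in use, and MACs lacking 'v'."""
    report = defaultdict(lambda: {"vlans": set(), "no_v_flag": []})
    for e in entries:
        if "n" not in e["flags"]:
            continue  # not learned through network login
        for port in e["ports"]:
            report[port]["vlans"].add(e["vlan"])
            if "v" not in e["flags"]:
                report[port]["no_v_flag"].append(e["mac"])
    return dict(report)

if __name__ == "__main__":
    for port, info in sorted(audit(parse_fdb(SAMPLE)).items()):
        print(port, sorted(info["vlans"]), "missing v:", info["no_v_flag"])
```

A port that reports more than one VLAN, such as 1:11 in the sample, is consistent with mac-based-vlans mode, since port-based-vlans allows only one untagged VLAN.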

The flags associated with network login include:

Displaying Port and VLAN Information

To view information about the VLANs that are temporarily added in MAC-based mode for network login, use the following command:

show ports port_list information detail

The following is sample output from this command:

Port:   1
Virtual-router: VR-Default
Type:           UTP
Random Early drop:      Disabled
Admin state:    Enabled with  auto-speed sensing  auto-duplex
Link State:     Active, 100Mbps, full-duplex
Link Counter: Up        1 time(s)
VLAN cfg:
Name: Default, Internal Tag = 1(MAC-Based), MAC-limit = No-limit
...<truncated output>
Egress 802.1p Replacement:      Disabled
NetLogin:                       Enabled
NetLogin authentication mode:   Mac based
NetLogin port mode:             MAC based VLANs
Smart redundancy:               Enabled
Software redundant port:        Disabled
auto-polarity:                  Enabled

The added output displays information about the mode of operation for the network login port.

To view information about the ports that are temporarily added in MAC-based mode for network login, due to discovered MAC addresses, use the following command:

show vlan detail

The following is sample output from this command:

VLAN Interface with name Default created by user
Tagging:        802.1Q Tag 1
Priority:       802.1P Priority 0
Virtual router: VR-Default
STPD:           s0(Disabled,Auto-bind)
Protocol:       Match all unfiltered protocols
Loopback:       Disable
NetLogin:       Disabled
Rate Shape:     Disabled
QosProfile:     None configured
Ports:   26.      (Number of active ports=2)
Untag:    *1um, *2,     3,     4,     5,     6,     7,
8,        9,    10,    11,    12,    13,    14,
15,       16,    17,    18,    19,    20,    21,
22,       23,    24,    25,    26
Flags: (*) Active, (!) Disabled, (g) Load Sharing port
(b) Port blocked on the vlan, (a) Authenticated NetLogin Port
(u) Unauthenticated NetLogin port, (m) Mac-Based port

The flags associated with network login include:

Example

The following command configures the network login port's mode of operation:

configure netlogin ports 1:1-1:10 mode mac-based-vlans

History

This command was first available in ExtremeXOS 11.3.

Platform Availability

This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.