Dynamic MAC-based VLAN, Dynamic MAC-based VLAN CLI commands – Brocade Communications Systems Brocade ICX 6650 User Manual


Brocade ICX 6650 Security Configuration Guide


53-1002601-01


Dynamic MAC-based VLAN

When enabled, the dynamic MAC-based VLAN feature allows the dynamic addition of
mac-vlan-permit ports to the VLAN table only after successful RADIUS authentication. Ports that fail
RADIUS authentication are not added to the VLAN table.

When this feature is not enabled, the physical port is statically added to the hardware table,
regardless of the outcome of the authentication process. This feature prevents the addition of
unauthenticated ports to the VLAN table. For information about how to configure Dynamic
MAC-based VLAN, refer to “Configuring dynamic MAC-based VLAN” on page 220.

Configuration notes and feature limitations for dynamic MAC-based VLAN

The following guidelines apply to MAC-based VLAN configurations:

MAC-based VLAN is not currently supported for trunk ports and LACP.

MAC-based VLAN is not supported for VLAN groups, topology groups and dual-mode
configuration.

MAC-based VLAN is not supported together with ACLs or MAC address filters.

Brocade ICX 6650 devices do not support UDLD link-keepalives on ports with MAC-based VLAN
enabled.

Brocade ICX 6650 devices do not support STP BPDU packets on ports with MAC-based VLAN
enabled.

MAC-to-VLAN mapping must be associated with VLANs that exist on the switch. Create the
VLANs before you configure the MAC-based VLAN feature.

Ports participating in MAC-based VLANs must first be configured as mac-vlan-permit ports
under the VLAN configuration.

In the RADIUS server configuration file, a MAC address cannot be configured to associate with
more than one VLAN.

This feature does not currently support dynamic assignment of a port to a VLAN. Users must
pre-configure VLANs and port membership before enabling the feature.

Multi-device port authentication filters will not work with MAC-based VLANs on the same port.
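The guideline above that a MAC address cannot be associated with more than one VLAN in the RADIUS server configuration file can be checked before the file is deployed. The following is an added example, not taken from the Brocade guide: it assumes a FreeRADIUS-style users file in which the VLAN is returned in the Tunnel-Private-Group-ID attribute, and the sample entries and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in FreeRADIUS "users" file style (an assumption; the
# guide does not name a RADIUS server). The first and third entries are the
# same MAC in different notations, mapped to different VLANs.
SAMPLE_USERS = '''\
0010.9400.0001 Cleartext-Password := "0010.9400.0001"
    Tunnel-Type = VLAN,
    Tunnel-Medium-Type = IEEE-802,
    Tunnel-Private-Group-ID = "10"

00:10:94:00:00:02 Cleartext-Password := "00:10:94:00:00:02"
    Tunnel-Private-Group-ID = "20"

00-10-94-00-00-01 Cleartext-Password := "00-10-94-00-00-01"
    Tunnel-Private-Group-ID = "30"
'''

# Entry header starts with a MAC as user name: aa:bb.., aa-bb.., aabb.ccdd.eeff or bare hex.
MAC_RE = re.compile(r'^((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}'
                    r'|(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}|[0-9A-Fa-f]{12})\b')
VLAN_RE = re.compile(r'Tunnel-Private-Group-ID\s*:?=\s*"?([^",\s]+)"?', re.I)

def normalize_mac(text):
    """Reduce any MAC notation to 12 lowercase hex digits."""
    return re.sub(r'[^0-9a-f]', '', text.lower())

def mac_vlan_map(users_text):
    """Return {normalized MAC: set of VLAN values} for all MAC-named entries."""
    mapping, current = defaultdict(set), None
    for line in users_text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        if not line[0].isspace():  # unindented line starts a new entry
            m = MAC_RE.match(line)
            current = normalize_mac(m.group(1)) if m else None
        if current:
            mapping[current].update(VLAN_RE.findall(line))
    return mapping

def conflicting_macs(users_text):
    """MACs associated with more than one VLAN, which the guide disallows."""
    return {m: sorted(v) for m, v in mac_vlan_map(users_text).items() if len(v) > 1}

if __name__ == "__main__":
    for mac, vlans in conflicting_macs(SAMPLE_USERS).items():
        print(f"{mac} is mapped to multiple VLANs: {', '.join(vlans)}")
```

Normalizing the notation first matters because the same address entered once with colons and once with dots would otherwise pass a plain duplicate-name check.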

Dynamic MAC-based VLAN CLI commands

The following table describes the CLI commands used to configure MAC-based VLANs.

TABLE 45   CLI commands for MAC-based VLANs

| CLI command | Description | CLI level |
|---|---|---|
| mac-auth mac-vlan enable | Enables per-port MAC-based VLAN | interface |
| mac-auth mac-vlan disable | Disables per-port MAC-based VLAN | interface |
| mac-auth mac-vlan-dyn-activation | Enables Dynamic MAC-based VLAN | global |
| no mac-auth mac-vlan-dyn-activation | Disables Dynamic MAC-based VLAN | global |
| no mac-auth mac-vlan | Removes the MAC-VLAN configuration from the port | interface |
