Aging for mac-based vlan, Table 47, For permitted hosts – Brocade Communications Systems Brocade ICX 6650 6650 User Manual


Brocade ICX 6650 Security Configuration Guide


53-1002601-01

MAC-based VLAN configuration

Aging for MAC-based VLAN

The aging process for MAC-based VLAN works as described below.

For permitted hosts

For permitted hosts, as long as the Brocade device is receiving traffic, aging does not occur. The age
column in the output of the show table-mac-vlan command displays Ena or S num. If the Brocade
device stops receiving traffic, the entry first ages out of the MAC table (in the hardware), and then
the aging cycle for MAC-based VLAN begins. Aging in the MAC-based VLAN continues for 2 minutes
(the default is 120 seconds), after which the MAC-based VLAN session is flushed out.

For blocked hosts

For blocked hosts, as long as the Brocade device is receiving traffic, aging does not occur. In the
output of the show table-mac-vlan command, the age column displays H0 to H70, S0, and H0 to
H70, etc. Aging of the MAC-based VLAN MAC occurs in two phases: hardware aging and software
aging. The hardware aging period can be configured using the mac-authentication hw-deny-age
command in config mode. The default is 70 seconds. The software aging time for MAC-based VLAN
MACs can be configured using the mac-authentication max-age command. When the Brocade
device is no longer receiving traffic from a MAC-based VLAN MAC address, the hardware aging

TABLE 47: Brocade vendor-specific attributes for RADIUS

| Attribute name | Attribute ID | Data type | Optional or mandatory | Description |
|---|---|---|---|---|
| Foundry-MAC-based VLAN-QoS | 8 | decimal | Optional | The QoS attribute specifies the priority of the incoming traffic based on any value between 0 (lowest priority) and 7 (highest priority). Default is 0. |
| Foundry-802_1x-enable | 6 | integer | Optional | Specifies whether 802.1X authentication is performed when MAC-based VLAN is successful for a device. This attribute can be set to one of the following: 0 - Do not perform 802.1X authentication on a device that passes MAC-based VLAN. Set the attribute to zero (0) for devices that do not support 802.1X authentication. 1 - Perform 802.1X authentication when a device passes MAC-based VLAN. Set the attribute to one (1) for devices that support 802.1X authentication. |
| Foundry-802_1x-valid | 7 | integer | Optional | Specifies whether the RADIUS record is valid only for MAC-based VLAN, or for both MAC-based VLAN and 802.1X authentication. This attribute can be set to one of the following: 0 - The RADIUS record is valid only for MAC-based VLAN. Set this attribute to zero (0) to prevent a user from using their MAC address as username and password for 802.1X authentication. 1 - The RADIUS record is valid for both MAC-based VLAN and 802.1X authentication. |
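The following is an added example, not part of the Brocade guide: a small audit that checks RADIUS user records against the value ranges in Table 47 and reports MAC-named records that are not restricted to MAC-based VLAN. The record layout (a Python dict per user), the function names and the sample data are constructed for illustration and do not correspond to any RADIUS server's file format.

```python
import re

# Attribute names (spelled as in Table 47), IDs and allowed values from the table.
VSA_RULES = {
    "Foundry-MAC-based VLAN-QoS": (8, range(0, 8)),   # 0 (lowest) to 7 (highest)
    "Foundry-802_1x-enable": (6, (0, 1)),
    "Foundry-802_1x-valid": (7, (0, 1)),
}
# Usernames that are a MAC address: 0000abcd1234, 00:00:ab:cd:12:34, 0000.abcd.1234
MAC_RE = re.compile(r"^(?:[0-9a-f]{2}[:.-]?){5}[0-9a-f]{2}$", re.I)

def audit_record(username, attrs):
    """Return a list of findings for one user record (hypothetical layout)."""
    findings = []
    for name, value in attrs.items():
        rule = VSA_RULES.get(name)
        if rule is None:
            continue  # not one of the Table 47 attributes
        attr_id, allowed = rule
        if not isinstance(value, int) or value not in allowed:
            findings.append(f"{name} (ID {attr_id}): value {value!r} not allowed")
    if MAC_RE.match(username):
        valid = attrs.get("Foundry-802_1x-valid")
        if valid == 1:
            findings.append("MAC-named record is also valid for 802.1X "
                            "(Foundry-802_1x-valid = 1)")
        elif valid is None:
            findings.append("Foundry-802_1x-valid not set; set it to 0 to limit "
                            "this record to MAC-based VLAN")
    return findings

def audit_all(records):
    """Map each username with at least one finding to its findings."""
    results = {user: audit_record(user, attrs) for user, attrs in records.items()}
    return {user: f for user, f in results.items() if f}

# Constructed sample records, for illustration only.
SAMPLE = {
    "0000abcd1234": {"Foundry-802_1x-enable": 0, "Foundry-802_1x-valid": 0,
                     "Foundry-MAC-based VLAN-QoS": 5},
    "0000abcd5678": {"Foundry-802_1x-enable": 1, "Foundry-802_1x-valid": 1},
    "0000.abcd.9abc": {"Foundry-MAC-based VLAN-QoS": 9},
    "alice": {"Foundry-802_1x-valid": 1},
}

if __name__ == "__main__":
    for user, findings in audit_all(SAMPLE).items():
        for finding in findings:
            print(f"{user}: {finding}")
```
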
