Advertisement
Changes and Enhancements in 3.01.90
A variety of enhancements have been made to MAC authentication. MAC authentication can be configured as a
single user per port or in ―piggy-back‖ mode where once an initial user is authenticated, multiple users can share
the same port and policy assignment assigned to the port. In either implementation, the user can configure the
port to have a default policy for unauthenticated users or define no default policy essentially locking any users off
the port until they are authenticated. These four possible configurations are explained in more detail below:
MAC authentication, Single User mode, no piggy-back:
This requires no configuration change for existing implementations.
o
No default policy applied
Traffic will not be forwarded until the MAC address is authenticated. If the authentication attempt of
the first MAC address received on the port fails, the port will wait for the quiet period to expire before
sending the next MAC address received to the RADIUS server for authentication.
o
Default policy is applied
Traffic will be forwarded per the default policy. Any MAC address received on the port will be added
to the filter database (FDB). An authentication request for this MAC address will then be sent to the
RADIUS server. If the authentication attempt fails, the device will delete the MAC address from the
FDB, and repeat the process with the next MAC address received on the port.
MAC auth Single User mode, with piggy-back
MAC Locking must be enabled on the port. The user can limit the maximum number of addresses that
can be learned on the port using the first arrival setting.
o
No default policy applied
There will be no traffic forwarded on the port until a MAC address is authenticated. When the first
MAC address is received on the port, a request will be sent to the RADIUS server. If the
authentication attempt fails, the port will wait until quiet period expires and then remove the MAC
address from FDB. The device will then take the next MAC address received on the port and restart
the process. Once one MAC address is authenticated on the port, additional MAC addresses can be
added to FDB without going through the authentication process up to the configured firstarrival
setting (default 600 per port).
o
Default policy is applied
Traffic will be forwarded on the port per the default policy until a MAC address on this port has been
authenticated. When the first MAC address is received on the port it will be added to the FDB, and a
request will be sent to the RADIUS server. If the authentication attempt fails, the device will wait until
the quiet period expires, and will then repeat this process using the next MAC address it finds in the
FDB for this port. Once one MAC address is authenticated on the port, additional MAC addresses
can be added to FDB without going through the authentication process up to the configured
firstarrival setting (default 600 per port).
The SecureStack C2 will now accept DVMRP Graft packets which contain either a source IP host or Source IP
Network.
The device now supports the ability to hardset mini-GBIC ports to forced 1000 mbps. To force 1000 on an SFP
module, disable auto-negotiation for that port (or combo-port). In that state, fixed RJ45 copper ports (if they are
combo ports) behave as expected (you can force them to 10 or 100 Mbps, full or half duplex). If an SFP module
is present, the port is automatically set to forced 1000 mbps, full duplex, ―master‖.
Changes and Enhancements in 3.01.80
If a link is established between a C2G124-xx and a C2H124-xx using an MGBIC MT-01, and the C2H124-xx is
reset, the link will correctly be reestablished when the C2H124-xx comes back online.
Saved configurations which contain user-defined SNMPv3 users, will now be correctly loaded when applying the
configuration to the device.
The buffer management scheme has been modified to allow a single port to use more of the common buffer
pool.
PWA will now work correctly in a routed environment.
08/13/2008 P/N: 9038155-52
F0615-O
Subject to Change Without Notice
CUSTOMER RELEASE NOTES
Page: 22 of 41
Advertisement
