Vm Authentication Process; Ridgeline Authentication; Network (Vmmap) Authentication; Local Authentication - Extreme Networks Ridgeline Guide Manual

Concepts and solutions guide

Managing Virtual Machines
Local virtual port profiles (LVPPs), which override network policies, must be configured on each switch.
LVPPs are a good choice for simple network topologies, but NVPPs offer easier network management
for more complex network topologies.

VM Authentication Process

The XNV feature supports three methods of authentication:

- Ridgeline authentication.
- Network authentication using a downloaded authentication database stored in the VMMAP file.
- Local authentication using a local database created with ExtremeXOS CLI commands.

The default VM authentication configuration uses all three methods in the following sequence:
Ridgeline server (first choice), network-based VMMAP file, and last, local database. If a service is not
available, the switch tries the next authentication service in the sequence.

The following sections describe each authentication process:

- Ridgeline Authentication
- Network (VMMAP) Authentication
- Local Authentication

Ridgeline Authentication. If Ridgeline authentication is enabled and a VM MAC address is detected on a
VM-tracking enabled port, the software sends an Access-Request to the configured Ridgeline server for
authentication. When the switch receives a response, the switch does one of the following:

- When an Access-Accept packet is received with one or two specified NVPP files, the policies are
  applied on the VM-enabled port.
- When an Access-Accept packet is received and no NVPP file is specified, the port is authenticated
  and no policy is applied to the port.
- When an Access-Reject packet is received, the port is unauthenticated and no policy is applied.
- When an Access-Reject packet indicates that the Ridgeline server timed out or is not reachable, the
  switch tries to authenticate the VM MAC address based on the next authentication method
  configured, which can be either network authentication or local authentication.

Network (VMMAP) Authentication. If network (VMMAP) authentication is enabled and a VM MAC
address is detected on a VM-tracking enabled port, the switch uses the VMMAP file to authenticate the
VM and applies the appropriate policies.

Local Authentication. If local authentication is enabled and a VM MAC address is detected on a
VM-tracking enabled port, the switch uses the local database to authenticate the VM and apply the
appropriate policies.
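
The fallback sequence described above can be modeled to check whether a VM gets the same result when the Ridgeline server is unreachable as when it is reachable. The following Python code is an added example, not ExtremeXOS or Ridgeline code; the MAC addresses and policy names are constructed, and treating a MAC that is missing from an available VMMAP or local database as a final failure is an assumption the guide does not state.

```python
# Added model of the fallback sequence; not ExtremeXOS or Ridgeline code.
# A database is a dict of MAC -> policy list, or None when the service is
# unavailable (timed out / unreachable). MACs and policy names are constructed.
ORDER = ("ridgeline", "vmmap", "local")

def authenticate(mac, ridgeline, vmmap, local):
    """Return (method, authenticated, policies) for one VM MAC address."""
    for method, db in zip(ORDER, (ridgeline, vmmap, local)):
        if db is None:
            continue                      # service unavailable: try the next one
        if mac in db:
            return method, True, list(db[mac])   # [] = accepted, no policy applied
        # Ridgeline: Access-Reject. VMMAP/local: ASSUMPTION that a miss in an
        # available database is final (the guide does not say).
        return method, False, []
    return None, False, []                # no service reachable

def outage_drift(macs, ridgeline, vmmap, local):
    """MACs whose outcome differs when the Ridgeline server is unreachable."""
    drift = {}
    for mac in macs:
        normal = authenticate(mac, ridgeline, vmmap, local)
        degraded = authenticate(mac, None, vmmap, local)
        if normal[1:] != degraded[1:]:
            drift[mac] = {"normal": normal, "ridgeline_down": degraded}
    return drift

# Constructed sample data.
WEB, DB, OLD = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
RIDGELINE = {WEB: ["nvpp-web-in", "nvpp-web-out"], DB: []}   # OLD is rejected
VMMAP = {WEB: ["nvpp-web-in", "nvpp-web-out"], DB: ["nvpp-db-in"], OLD: ["nvpp-old"]}
LOCAL = {WEB: ["lvpp-web"]}

if __name__ == "__main__":
    for mac, result in outage_drift([WEB, DB, OLD], RIDGELINE, VMMAP, LOCAL).items():
        print(mac, result)
```

Each MAC reported by `outage_drift` is one where the fallback databases disagree with Ridgeline, for example a VM that Ridgeline rejects but a stale VMMAP entry would authenticate during an outage.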

File Synchronization

Ridgeline's XNV feature supports file synchronization between XNV-enabled switches and the
repository server. The files stored on the repository server include the VMMAP file and the policy files.
One of the advantages of the repository server is that multiple XNV-enabled switches can use the
repository server to collect the network VM configuration files. The XNV feature provides for access to
a secondary repository server if the primary repository server is unavailable.
Ridgeline Concepts and Solutions Guide


This manual is also suitable for:

Ridgeline 3.0
