Campus And Isp Modes; Network Login And Hitless Failover-Modular Switches Only - Extreme Networks ExtremeWare XOS Guide Manual
Concepts guide
Hide thumbs
Also See for ExtremeWare XOS Guide:
- Command reference manual (2024 pages) ,
- Manual (496 pages) ,
- Command reference manual (1712 pages)
Table of Contents
Advertisement
Network Login
The choice of web-based versus 802.1x authentication is again on a per-MAC basis. Among multiple
clients on the same port, it is possible that some clients use web-based mode to authenticate, and some
others use 802.1x. This is not true if you configure netlogin MAC-based VLANs on the BlackDiamond
8800 family of switches of the Summit X450 switch. For more information, see
MAC-Based VLANs—BlackDiamond 8800 Family of Switches and the Summit X450 Switch Only" on
page
372.
NOTE
With multiple supplicant support, after the first MAC is authenticated, the port is transitioned to the authenticated
state and other unauthenticated MACs can listen to all data destined for the first MAC. Please be aware of this as
unauthenticated MACs can listen to all broadcast and multicast traffic directed to a network login-authenticated
port.
Campus and ISP Modes
Network login supports two modes of operation, Campus and ISP. Campus mode is intended for
mobile users who tend to move from one port to another and connect at various locations in the
network. ISP mode is meant for users who connect through the same port and VLAN each time (the
switch functions as an ISP).
In Campus mode, the clients are placed into a permanent VLAN following authentication with access to
network resources. For wired ports, the port is moved from the temporary to the permanent VLAN.
In ISP mode, the port and VLAN remain constant. Before the supplicant is authenticated, the port is in
an unauthenticated state. After authentication, the port forwards packets.
You do not explicitly configure the mode of operation; rather, the presence of any Extreme Networks
Vendor Specific Attribute (VSA) that has a VLAN name or VLAN ID (any VLAN attribute) in the
RADIUS server determines the mode of operation. If a VLAN attribute is present, it is assumed to be
Campus mode. If a VLAN attribute is not present, it is assumed to be ISP mode.
Network Login and Hitless Failover—Modular Switches Only
When you install two Management Switch Fabric Module (MSM) modules in a BlackDiamond chassis,
one MSM assumes the role of primary and the other assumes the role of backup MSM. The primary
MSM executes the switch's management functions, and the backup MSM acts in a standby role. Hitless
failover transfers switch management control from the primary MSM to the backup MSM.
NOTE
Beginning with ExtremeWare XOS 11.3, both the BlackDiamond 10K switch and the BlackDiamond 8800 family of
switches (formerly known as Aspen) support hitless failover for network login. If you are running an earlier version of
ExtremeWare, the modular switches do not support network login hitless failover.
Network login supports hitless failover by relaying current client authentication information from the
master MSM to the backup MSM. For example, if a client moves to the authenticated state, or moves
from an authenticated state to an unauthenticated state, the primary MSM conveys this information to
the backup MSM. If failover occurs, your authenticated client continues to operate as before the failover.
348
"Configuring Netlogin
ExtremeWare XOS 11.3 Concepts Guide
Advertisement
Chapters
Table of Contents
Troubleshooting
