Configuration Notes And Feature Limitations - Dell PowerConnect B-FCXs Configuration Manual

TABLE 37
Hitless-supported services and protocols – PowerConnect B-Series FCX
Traffic type
Security
Other services to
Management

Configuration notes and feature limitations

•
PowerConnect B-Series FCX Configuration Guide
53-1002266-01
Supported protocols and services
•
802.1X, including use with dynamic ACLs
and VLANs
•
EAP with RADIUS
•
IPv4 ACLs
•
DHCP snooping
•
Dynamic ARP inspection
•
IP source guard
•
Multi-device port authentication (MDPA),
including use with dynamic ACLs and
VLANs
•
MAC port security
•
AAA
•
DHCP
•
sFlow
•
SNMP v1, v2, and v3
•
SNMP traps
•
SNTP
•
Traceroute
For hitless stacking on the PowerConnect B-Series FCX, Dell recommends that you configure
the IronStack MAC address using the stack mac command. Without this configuration, the
MAC address of the stack will change to the new base MAC address of the Active Controller.
This could cause a spanning tree root change. Even without a spanning tree change, a client
PowerConnect B-Series FCX hitless stacking
Impact
Supported security protocols and services are not
impacted during a switchover or failover, with the
following exceptions:
•
802.1X is impacted if re-authentication does not
occur in a specific time window.
•
MDPA is impacted if re-authentication does not
occur in a variable-length time window.
•
In some cases, a few IP source guard packets may
be permitted or dropped.
•
If 802.1X and MDPA are enabled together on the
same port, both will be impacted during a
switchover or failover. Hitless support for these
features applies to ports with 802.1X only or
multi-device port authentication only.
•
For MAC port security, secure MACs are
synchronized between the Active and Standby
Controllers, so they are hitless. However, denied
MACs are lost during a switchover or failover but
may be relearned if traffic is present.
Configured ACLs will operate in a hitless manner,
meaning the system will continue to permit and deny
traffic during the switchover or failover process.
After a switchover or failover, the new Active Controller
will re-authenticate 802.1X or MDPA sessions that
were being forwarded in hardware. The hardware
continues to forward them (even with dynamic ACL,
dynamic VLAN, or both) while re-authentication occurs.
After trying to re-authenticate for a certain amount of
time (depending on the number of sessions to
re-authorize), sessions that did not re-authenticate are
removed.
Supported protocols and services are not impacted
during a switchover or failover.
DNS lookups will continue after a switchover or failover.
This information is not synchronized.
Ping traffic will be minimally impacted.
NOTE: If the FCX stack is rebooted, sFlow is disabled
on standby and member units until the
configuration is synchronized between the
Active and Standby Controllers.
5
165