Dell FCX624-E Laptop User Manual


  Open as PDF
of 1494
 
534 PowerConnect B-Series FCX Configuration Guide
53-1002266-01
Configuring MAC-based VLANs
15
When the hardware aging period ends, the software aging period begins. The software aging period
lasts for a configurable amount of time (the default is 120 seconds). After the software aging
period ends, the MAC-based VLAN session is flushed, and the MAC address can be authenticated
or denied if the Dell PowerConnect device again receives traffic from that MAC address.
For MAC-based dynamic activation
If all of the sessions age out on a port, the port is dynamically removed from the VLAN table. When
any new session is established, the port is dynamically added back to the VLAN table.
NOTE
If the Dell PowerConnect device receives a packet from an authenticated MAC address, and the
MAC-based VLAN software aging is still in progress (hardware aging has already occurred), a RADIUS
message is NOT sent to the RADIUS server. Instead the MAC address is reentered in the hardware
along with the parameters previously returned from the RADIUS server. A RADIUS message is sent
only when the MAC-based VLAN session ages out from the software.
To change the length of the software aging period
To change the length of the software aging period for blocked MAC addresses, enter a command
such as the following.
PowerConnect(config)#mac-authentication max-age 180
Syntax: [no] mac-authentication max-age <seconds>
You can specify from 1 – 65535 seconds. The default is 120 seconds.
Disabling aging for MAC-based VLAN sessions
MAC addresses that have been authenticated or denied by a RADIUS server are aged out if no
traffic is received from the MAC address for a certain period of time.
You can optionally disable aging for MAC-based VLAN session subject to authentication, either for
all MAC addresses or for those learned on a specified interface.
Globally disabling aging
On most devices, you can disable aging on all interfaces where MAC-based VLAN has been
enabled, by entering the following command.
PowerConnect(config)#mac-authentication disable-aging
Syntax: mac-authentication disable-aging
Enter the command at the global or interface configuration level.
The denied-mac-only parameter prevents denied sessions from being aged out, but ages out
permitted sessions.
The permitted-mac-only parameter prevents permitted (authenticated and restricted) sessions
from being aged out and ages denied sessions.
Disabling the aging on interfaces
To disable aging on a specific interface where MAC-based VLAN has been enabled, enter the
command at the interface level.