Reset Search
 

 

Article

Netlogin is not supported on non-MLAG ports when they belong to VLANs with some of other ports in MLAGs

« Go Back

Information

 
TitleNetlogin is not supported on non-MLAG ports when they belong to VLANs with some of other ports in MLAGs
Symptoms
FDB entries get authenticated and learned on non-MLAG netlogin ports on the first peer switch, however the entries never get learned (check pointed) on the ISC ports on the second peer switch.

User-added image

"A" and "B" switches are MLAG peered and the user is connected to port 15 of "B" switch which is non-MLAG port.
The user's MAC address is learned on port 15 of "B" switch and learned on the ISC port (31) of "A" switch.
 
* Math-X460-5thFL-5B.126 # show fdb
Mac                     Vlan       Age  Flags           Port / Virtual Port List
--------------------------------------------------------------------------------
b8:ca:3a:c2:63:d4      Data5(0405) 0000  dhm            15

* Math-X460-5thFL-5A.55 # show fdb
Mac                     Vlan       Age  Flags           Port / Virtual Port List
--------------------------------------------------------------------------------
b8:ca:3a:c2:63:d4      Data5(0405) 0000  dhmi       S   31
Now, netlogin is enabled on port 15 and the user is successfully authenticated through dot1x on the port. 
 
* Math-X460-5thFL-5B.127 # enable netlogin ports 15 dot1x mac
* Math-X460-5thFL-5B.129 # show netlogin port 15
------------------------------------------------
        Netlogin Clients
------------------------------------------------

MAC                IP address       Authenticated     Type    ReAuth-Timer   User
b8:ca:3a:c2:63:d4  10.35.50.13      Yes, Radius       802.1x  35982          host/UM-1HYQWW1.cgcent.miami.edu
-----------------------------------------------

The user's MAC address is learned on port 15 of "B" switch, but no longer on the ISC port of "A" switch.
 
* Math-X460-5thFL-5B.130 # sh fdb
Mac                     Vlan       Age  Flags           Port / Virtual Port List
--------------------------------------------------------------------------------
00:04:96:1d:b1:10   CORE_INT(3035) 0000  dhmi       S   29
00:04:96:99:c1:91   CORE_INT(3035) 0000  s m        S   31
00:04:96:99:c1:91      Data5(0405) 0000  s m        S   31
00:04:96:99:c1:91  Isolation(0663) 0000  s m        S   31
00:04:96:99:c1:91 Facilities(0300) 0000  s m        S   31
00:04:96:99:c1:91 MLAG-Control(3000) 0000  s m        S   31
00:04:96:99:c1:91      Voice(0505) 0000  s m        S   31
00:04:96:99:c1:91 INTRA_OSPF(3333) 0000  s m        S   31
00:1b:54:79:d4:c1 Facilities(0300) 0000  dhm        S   31
00:1d:71:01:1b:42 Facilities(0300) 0000  dhm        S   31
00:1f:6c:c6:b8:c2 Facilities(0300) 0000  dhm        S   31
b8:ca:3a:c2:63:d4      Data5(0405) 0000 ns m            15

* Math-X460-5thFL-5A.55 # sh fdb
Mac                     Vlan       Age  Flags           Port / Virtual Port List
--------------------------------------------------------------------------------
00:04:96:1d:b1:10   CORE_INT(3035) 0000  dhmi       S   29
00:04:96:99:79:77 MLAG-Control(3000) 0000  s m        S   31
00:04:96:99:79:77   CORE_INT(3035) 0000  s m        S   31
00:04:96:99:79:77      Data5(0405) 0000  s m        S   31
00:04:96:99:79:77      Voice(0505) 0000  s m        S   31
00:04:96:99:79:77 Facilities(0300) 0000  s m        S   31
00:04:96:99:79:77  Isolation(0663) 0000  s m        S   31
00:04:96:99:79:77 INTRA_OSPF(3333) 0000  s m        S   31
00:1b:54:79:d4:c1 Facilities(0300) 0000  dhmi           30
00:1d:71:01:1b:42 Facilities(0300) 0000  dhmi           30
00:1f:6c:c6:b8:c2 Facilities(0300) 0000  dhmi           30

 
Environment
  • EXOS All
Cause
Currently, netlogin is not supported on non-MLAG ports within VLANs which have MLAGs and the ISC ports.
FDB learning is disabled on the ISC ports, hence FDB entries are only installed on the ISC ports through MLAG check pointing.  
The current implementation of MLAG doesn't support check pointing for FDB entries learned on netlogin enabled ports.
Resolution
Not available at this time. Netlogin support for an MLAG environment is targeted for 22.4, which is subject to change. 
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255