Deploying an Identity Aware Network
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Extreme Networks Application Note
Total number of VLAN(s) : 5
* Slot-1 Stack.120 # show “unauthvlan”
VLAN Interface with name unauthvlan created by user
Admin State: Enabled Tagging: 802.1Q Tag 10
Virtual router: VR-Default
IPv6:
None
STPD:
None
Protocol: Match all unfiltered protocols
Loopback: Disabled
NetLogin: Disabled
QosProfile: None configured
Egress Rate Limit Designated Port: None configured
Flood Rate Limit QosProfile: None configured
Ports: 1. (Number of active ports=1)
Untag: *1:2(kerb _ port)
Flags: (*) Active, (!) Disabled, (g) Load Sharing port
(b) Port blocked on the vlan, (m) Mac-Based port
(a) Egress traffic allowed for NetLogin
(u) Egress traffic unallowed for NetLogin
(t) Translate VLAN tag for Private-VLAN
(s) Private-VLAN System Port, (L) Loopback port
(e) Private-VLAN End Point Port
(x) VMAN Tag Translated port
6. Deployment Considerations
6.1. Memory Usage in the Switch
The default memory size configured for identity-management is 512KB, and this is consumed from the system as soon as the
identity-management process starts in ExtremeXOS. The memory pool reserved is used for the following purposes:
• Tracking various user and device identities: This memory will be used throughout the lifetime of the identity. Events
such as identity aging will cause memory held by the process to be given back to the pool reserved for identity
management.
• Processing several events sent to the identity-management process from other processes such as NetLogin, LLDP, FDB
Manager, etc. This memory is used to handle events such as user logon notification by NetLogin, and is relinquished as
soon as the event has been processed.
The table below summarizes the memory consumption for a combination of users and devices.
Table 7:
User/Device
Authentication Method
Kerberos
Activity
LLDP
Average memory
required to track
one identity
Average memory required to
handle events related to one
identity from other processes
802.1X Web MAC
User + Workstation 3 3 1KB 4KB
User + Workstation 3 512 bytes 4KB
VoIP Phone 3 3 512 bytes 6KB
VoIP Phone 3 3 512 bytes 6KB
NOTES
These numbers for memory requirements are valid for ExtremeXOS 12.4.1, and are subject to change in later ExtremeXOS versions
depending on the amount of information included as part of an identity.
© 2010 Extreme Networks, Inc. All rights reserved. Identity Aware Network—Page 67