Example behaviour
  • 06 Jun 2022

Endpoint configuration

When an endpoint is configured, either manually or by import through a Synchronization rule, its MAC address is added to the Endpoint List and set to the unknown state. The Live log is then checked for the endpoint's latest authentication activity, and this check is repeated every Check Interval. If the Endpoint is not found in the Live log, or its latest activity is Accounting Stop, the iVLAN change is not triggered. This behaviour stays the same until the endpoint connects to the network.

Endpoint connects to the network

When the endpoint connects to the network (the latest Live log activity is Accounting Start or Interim Update), the Endpoint is set to the Active state, its location is detected from the Live log, and XTENDISE triggers the iVLAN change. This means that XTENDISE configures the interface to the iVLAN enabled configuration.

Switchport VLAN change
  • Please note that the access VLAN change on the interface is absolutely transparent for the Endpoint and does not disconnect it.
  • The compliance module reflects the VLAN change and ignores the VLAN configuration on iVLAN enabled interfaces.

The iVLAN is kept on the switchport interface as long as the Endpoint is connected to the interface. This state is periodically checked in the Live log.

Endpoint disconnects from the network

When the Endpoint disconnects from the network or is turned off (an Accounting Stop message is detected), the Endpoint is set to the Not Active state and the iVLAN Disconnect Timeout is started. This timeout specifies how long the iVLAN configuration is kept on the switchport. The iVLAN configuration is kept on the interface until the VLAN Disconnect Timeout times out.

If the Endpoint connects to the network before the VLAN Disconnect Timeout times out, the Timeout is reset and no change on the switchport configuration is made.

iVLAN Disconnect Timeout
  • It is important to configure the iVLAN Disconnect Timeout to an appropriate value. The default value is 168 hours (one week); the appropriate value depends highly on the use case.
  • If the use case is WoL, it is recommended that the interval is longer than the PC update interval, which is usually more than one week.
  • If the use case is to fix silent Endpoints, the default value of 168 hours is usually sufficient.

When iVLAN is disabled on the switchport

The interface is reverted to its default configuration under the following conditions:

  • The Endpoint is deleted from XTENDISE
  • The Endpoint was imported and its MAC group changed
  • The VLAN Disconnect Timeout times out
  • The Endpoint is detected on another interface - iVLAN is disabled on the previous switchport and enabled on the new switchport where the device is detected.
  • Another MAC address is detected on the switchport and the Check Interface option is enabled

Disconnect Timeout

If the VLAN Disconnect Timeout times out, it does not mean that the MAC address is removed from the iVLAN module. It only means that the iVLAN configuration is removed from the switchport and the MAC address is set to the unknown state. If the MAC address authenticates to the network again, the process starts over and iVLAN is enabled on the switchport again.
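
The endpoint lifecycle described on this page, modelled as a small Python state machine and replayed over constructed Live log samples. This is an added illustration, not XTENDISE code: the names `check`, `replay` and `TIMELINE`, the MAC and port values, and starting the timeout at the check that first sees Accounting Stop are assumptions, and only the timeout and interface-move revert conditions are modelled.

```python
from dataclasses import dataclass
from typing import Optional

CONNECTED = {"Accounting Start", "Interim Update"}  # Live log activities meaning "online"

@dataclass
class Endpoint:
    mac: str
    state: str = "unknown"               # unknown -> Active -> Not Active -> unknown
    port: Optional[str] = None           # switchport currently holding the iVLAN config
    timer_start: Optional[float] = None  # hour the timeout started (assumed: at detection)

def check(ep, now, latest, timeout_h=168):
    """One Check Interval pass; `latest` is (activity, port) from the Live log or None."""
    actions = []
    activity, port = latest or (None, None)
    if activity in CONNECTED:
        if ep.port not in (None, port):            # detected on another interface
            actions.append(("disable", ep.port))
            ep.port = None
        if ep.port is None:
            actions.append(("enable", port))
            ep.port = port
        ep.state, ep.timer_start = "Active", None  # reconnecting resets the timeout
    elif activity == "Accounting Stop" and ep.state == "Active":
        ep.state, ep.timer_start = "Not Active", now  # iVLAN stays on the port
    elif ep.state == "Not Active" and now - ep.timer_start >= timeout_h:
        actions.append(("disable", ep.port))       # revert port to default config
        ep.state, ep.port, ep.timer_start = "unknown", None, None
    return actions

def replay(timeline, timeout_h=168):
    """Run check() over (hour, latest_entry) samples; return endpoint and port actions."""
    ep, log = Endpoint("00:11:22:33:44:55"), []    # constructed MAC address
    for now, latest in timeline:
        log += [(now, *a) for a in check(ep, now, latest, timeout_h)]
    return ep, log

TIMELINE = [  # constructed Live log samples (hours); port names are made up
    (0, None),                               # not in Live log yet: nothing triggered
    (1, ("Accounting Start", "Gi1/0/1")),
    (3, ("Accounting Stop", "Gi1/0/1")),
    (100, ("Interim Update", "Gi1/0/1")),    # back before the timeout: no port change
    (101, ("Accounting Stop", "Gi1/0/1")),
    (268, ("Accounting Stop", "Gi1/0/1")),   # 167 h elapsed: iVLAN still configured
    (269, ("Accounting Stop", "Gi1/0/1")),   # 168 h elapsed: port reverted
    (300, ("Accounting Start", "Gi1/0/2")),  # authenticates again: process starts over
]

print(replay(TIMELINE)[1])
```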

