HLD for PNAC feature introduction in SONiC #1292
Conversation
|
|
|
Looks like there is an HLD from BRCM to support the same PNAC features + MAB IMO, we should compare and converge on what's best for the community. |
| “SAI_BRIDGE_PORT_FDB_LEARNING_MODE_DROP” | ||
| “SAI_BRIDGE_PORT_FDB_LEARNING_MODE_HW” | ||
|
|
||
| When port is in unauthorized state after enabling NAC feature then port learn mode is configured as “SAI_BRIDGE_PORT_FDB_LEARNING_MODE_DROP”. |
There was a problem hiding this comment.
Please provide config flow for both un-authorized and authorized states.
| - Update learn_mode for the specific interface in config_db to “***SAI_BRIDGE_PORT_FDB_LEARNING_MODE_HW***” | ||
| This action will trigger Orchagent invoking SAI to update the learn_mode. | ||
| After receiving interface state change notification from Authorised to Unauthorised hostapd_wrapper performs following two operations, | ||
| - Update “***nac_status***” in NAC_SESSION table which is part of config_DB to "***unauthorised***". |
There was a problem hiding this comment.
Why is this table a part of CONFIG_DB? This seems like an operational change again w.r.t PNAC.
There was a problem hiding this comment.
Acknowledged. We will update this topic.
There was a problem hiding this comment.
@kishorgovind can you please help to provide the code PRs? Thanks.
Yang model for NAC Feature
|
Please add the code PRs if you have. Thanks |
Code Pull Request IDs: |
|
@kishorgovind Did I understand correctly that community desided to go with #1315 with farther extention with local autentification? If yes, is this PR and related Code PRs still relevant or they should be closed? |
This document describes the high-level design of PNAC (Port Network Access Control) feature in SONiC.