Identity Management Feature Limitations

In the current release, the identity management feature has the following limitations:

  • IPv4 support only. IPv6-to-MAC bindings are not captured.
  • For Kerberos snooping, clients must have a direct Layer 2 connection to the switch; that is, the connection must not cross a Layer 3 boundary. If the connection does cross a Layer 3 boundary, the gateway's MAC address gets associated with the identity.
  • Kerberos snooping does not work on fragmented IPv4 packets.
  • Kerberos identities are not detected when both server and client ports are added to identity management.
  • Kerberos does not have a logout mechanism, so mapped identities are valid for the time period defined by the Kerberos aging timer or the Force aging timer.
  • ACLs applied by Kerberos snooping can conflict with other ACLs in the system.

IDM is not supported on LAG ports.