Identity Management Feature Limitations
In the current release, the identity management feature has the following
- IPv4 support only. IPv6 to MAC bindings are not captured.
- For Kerberos snooping, clients must have a direct Layer 2 connection
to the switch; that is, the connection must not cross a Layer 3 boundary. If the
connection does cross a Layer 3 boundary, the gateway's MAC address gets associated with
- Kerberos snooping does not work on fragmented IPv4 packets.
- Kerberos identities are not detected when both server and client
ports are added to identity management.
- Kerberos does not have a logout mechanism, so mapped identities are
valid for the time period defined by the Kerberos aging timer or the Force aging
- Kerberos snooping applied ACLs can conflict with other ACLs in the
IDM is not supported on LAG ports.