configure identity-management detection

configure identity-management detection [on | off] [fdb | iparp | ipsecurity | kerberos | lldp | netlogin | all] ports [port_list | all]


This command provides the administrator a way to enable/disable the detection of the identities that are triggered through any of the following protocols:

Syntax Description


detection     Detection of the identities.
on            Detection of identities on.
off           Detection of identities off.
fdb           FDB identities.
iparp         IPARP identities.
ipsecurity    Identities detected through DHCP snooping entries.
kerberos      Kerberos identities.
lldp          LLDP identities.
all           All identities.



Usage Guidelines

The identity manager detects the identities using the following protocols:
  • FDB
  • IPSecurity DHCP Snooping
  • LLDP
  • Netlogin
  • Kerberos

By default, Identity Management detects identities through all of the protocols listed above.

This feature gives the administrator a way to enable or disable the detection of identities that are triggered through any of these protocols. Identity detection can be controlled per protocol trigger at the port level. This configuration can be applied only to ports on which identity management is enabled. EXOS displays an error if it is applied to ports on which identity management is disabled.



No type of Netlogin identity is detected if netlogin detection is disabled.

Enabling Kerberos identity detection will not create identities for the previously authenticated Kerberos clients.


Example

* Slot-1 Stack.1 # configure identity-management detection off fdb ports 1:3-6
* Slot-1 Stack.2 # configure identity-management detection off ipsecurity ports 1:3-6
* Slot-1 Stack.3 # configure identity-management detection off kerberos ports 1:1, 2:5-8
* Slot-1 Stack.4 # configure identity-management detection off netlogin ports 1:1-24, 2:1-24

The effect of these commands can be seen by issuing the show identity-management command:

* Slot-1 Stack.5 # show identity-management
Identity Management : Enabled
Stale entry age out (effective) : 180 Seconds (180 Seconds)
Max memory size : 512 Kbytes
Enabled ports : 1:1-24, 2:1-24
FDB Detection Disabled ports : 1:3-6
IPARP Detection Disabled ports : None
IPSecurity Detection Disabled ports : 2:1
Kerberos Detection Disabled ports : 1:1, 2:5-8
LLDP Detection Disabled ports : None
Netlogin Detection Disabled ports : 1:1-24, 2:1-24
SNMP trap notification : Enabled
Access list source address type : IP
Kerberos aging time (DD:HH:MM) : 00:08:00
Kerberos force aging time (DD:HH:MM) : None
Valid Kerberos servers : none configured(all valid)


History

This command was first available in ExtremeXOS 15.2.

Platform Availability

This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X620, X690, X870 series switches.