IPARP
IPSecurity DHCP (Dynamic Host Configuration Protocol) Snooping
Netlogin
Kerberos
detection | Detection of the identities.
on | Detection of identities on.
off | Detection of identities off.
fdb | FDB identities.
iparp | IPARP identities.
ipsecurity | Identities detected through DHCP snooping entries.
kerberos | Kerberos identities.
lldp | LLDP identities.
all | All identities.
On.
FDB
IPARP
IPSecurity DHCP Snooping
LLDP
Netlogin
Kerberos
By default, Identity Management detects identities through all of the protocols listed above.
This feature lets the administrator enable or disable the detection of identities that are triggered through any of the protocols listed above. The administrator can control identity detection for each protocol trigger at the port level. This configuration can be applied only to ports on which identity management is enabled. EXOS displays an error if this configuration is applied to ports on which identity management is disabled.
Note
No Netlogin identities of any type are detected if Netlogin detection is disabled.
Enabling Kerberos identity detection does not create identities for previously authenticated Kerberos clients.
* Slot-1 Stack.1 # configure identity-management detection off fdb ports 1:3-6
* Slot-1 Stack.2 # configure identity-management detection off ipsecurity ports 1:3-6
* Slot-1 Stack.3 # configure identity-management detection off kerberos ports 1:1, 2:5-8
* Slot-1 Stack.4 # configure identity-management detection off netlogin ports 1:1-24, 2:1-24

The effect of these commands can be seen by issuing the show identity-management command:

* Slot-1 Stack.5 # show identity-management
Identity Management : Enabled
Stale entry age out (effective) : 180 Seconds (180 Seconds)
Max memory size : 512 Kbytes
Enabled ports : 1:1-24, 2:1-24
FDB Detection Disabled ports : 1:3-6
IPARP Detection Disabled ports : None
IPSecurity Detection Disabled ports : 2:1
Kerberos Detection Disabled ports : 1:1, 2:5-8
LLDP Detection Disabled ports : None
Netlogin Detection Disabled ports : 1:1-24, 2:1-24
SNMP trap notification : Enabled
Access list source address type : IP
Kerberos aging time (DD:HH:MM) : 00:08:00
Kerberos force aging time (DD:HH:MM) : None
Valid Kerberos servers : none configured(all valid)
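For auditing, the "Detection Disabled ports" lines of the show identity-management output above can be turned into a per-port list of detection triggers that are switched off. The following is an added example, not Extreme Networks code; the function names are hypothetical, and it assumes the "field : value" layout and slot:port list syntax shown in the example output.

```python
import re

# Constructed sample: lines copied from the show identity-management example above.
SAMPLE = """\
Identity Management                   : Enabled
Enabled ports                         : 1:1-24, 2:1-24
FDB Detection Disabled ports          : 1:3-6
IPARP Detection Disabled ports        : None
IPSecurity Detection Disabled ports   : 2:1
Kerberos Detection Disabled ports     : 1:1, 2:5-8
LLDP Detection Disabled ports         : None
Netlogin Detection Disabled ports     : 1:1-24, 2:1-24
Kerberos aging time (DD:HH:MM)        : 00:08:00
"""

def expand_ports(spec):
    """Expand a port list such as '1:1, 2:5-8' (or '3-6') into a set of port names."""
    ports = set()
    if spec.strip().lower() == "none":
        return ports
    for item in spec.split(","):
        slot, sep, rng = item.strip().rpartition(":")  # slot is '' without a slot prefix
        lo, _, hi = rng.partition("-")
        ports.update(f"{slot}{sep}{p}" for p in range(int(lo), int(hi or lo) + 1))
    return ports

def detection_gaps(show_output):
    """Map each identity-management enabled port to the protocols disabled on it."""
    enabled, disabled = set(), {}
    for line in show_output.splitlines():
        m = re.match(r"\s*(.+?)\s+:\s+(.*)$", line)
        if not m:
            continue
        key, value = m.groups()
        proto = re.fullmatch(r"(\w+) Detection Disabled ports", key)
        if key == "Enabled ports":
            enabled = expand_ports(value)
        elif proto:
            disabled[proto.group(1)] = expand_ports(value)
    gaps = {}
    for name, ports in disabled.items():
        for port in ports & enabled:  # the setting applies to enabled ports only
            gaps.setdefault(port, []).append(name)
    return {port: sorted(names) for port, names in gaps.items()}

if __name__ == "__main__":
    for port, names in sorted(detection_gaps(SAMPLE).items()):
        print(port, "detection off:", ", ".join(names))
```
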
This command was first available in ExtremeXOS 15.2.
This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X620, X690, X870 series switches.