Configures the stale-entry aging time for event entries in the identity management database.
seconds |
Specifies the period (in seconds) at which event entries are deleted. The range is 60 to 1800 seconds. |
180 seconds.
The identity management database contains active entries, which correspond to active users and devices, and event entries, which record identity management events such as user logout or device disconnect. The active entries are automatically removed when a user logs out or a device disconnects. The event entries are automatically removed after a period defined by the stale-entry aging time.
Note
To capture active and event entries before they are deleted, you can use external management software such as Ridgeline™, which can access the switch using XML APIs. We recommend that the external client(s) that poll the identity management database be configured for polling cycles that are between one-third and two-thirds of the stale-aging time. This ensures that a new database entry or event does not age out before the next polling cycle.
The stale-entry aging time defines when event entries become stale. To preserve memory, the software periodically uses a cleanup process to remove the stale entries. You can configure the stale-entry aging time. The cleanup interval is defined by the software.
Database Memory Usage Level | Database Memory Usage Level (Percent) | Effective Stale-Entry Aging Time | Description |
---|---|---|---|
Normal |
Up to 80% |
Configured stale-entry aging time |
New identities and associated information (VLAN (Virtual LAN) and IP addresses) are added to or updated in the database. Events are also added to the database. Events are deleted from the database after the configured stale-entry aging time. |
High |
Above 80% to 90% |
The lower value of the following: 90 seconds or 50% of the configured stale-entry aging time |
Identities and events are added to the database as for the normal usage level, but the effective stale-entry aging time is reduced to delete events sooner and free memory. |
Critical |
Above 90% |
15 seconds |
The effective stale-entry aging time is further reduced to delete events sooner and free memory. No new identities are added to the database at this usage level, but updates (such as the addition or deletion of a VLAN or IP address) continue. At this level, the database might be missing active entries. |
Maximum |
Above 98% |
15 seconds |
At this level, the software does not process additions or updates to the database. The software only processes deletions. At this level, the database might be missing active entries. |
Whenever the database usage level changes, an EMS message is logged, and if enabled, an SNMP (Simple Network Management Protocol) trap is sent. If the switch changes the stale-entry aging time, the SNMP trap contains the new stale-entry aging time.
Note
If the database level regularly reaches the high usage level, or if it reaches the critical or maximum levels, it is time to investigate the cause of the issue. The solution might be to increase the database memory size.
External clients should be capable of adjusting the polling cycles. Because the aging cycle is shorter when memory is low, it is best if external clients can adjust their polling cycles in response to SNMP traps that announce a change in the stale-entry aging time.
The following command configures the stale-entry aging time for 90 seconds:
* Switch.4 # configure identity-management stale-entry aging-time 90
This command was first available in ExtremeXOS 12.4.
This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X590, X620, X690, X870 series switches.