configure identity-management detection

configure identity-management detection [on | off] [fdb | iparp |ipsecurity | kerberos | lldp | netlogin | all] ports [port_list | all]

Description

This command provides the administrator a way to enable/disable the detection of the identities that are triggered through any of the following protocols:

  • FDB

  • IPARP

  • IPSecurity DHCP Snooping

  • LLDP

  • Netlogin

  • Kerberos

Syntax Description

detection

Detection of the identities.
on

Detection of identities on.
off

Detection of identities off.
fdb

FDB identities.
iparp

IPARP identities.
ipsecurity

Identities detected through DHCP snooping entries.
kerberos

Kerberos identities.
lldp

LLDP identities.
all

All identities.

Default

On.

Usage Guidelines

The identity manager detects the identities using the following protocols:

  • FDB

  • IPARP

  • IPSecurity DHCP Snooping

  • LLDP

  • Netlogin

  • Kerberos

By default, Identity Management detects identities through all the above mentioned protocols.

This feature provides the administrator a way to enable/disable the detection of the identities that are triggered through any of the above said protocols. The administrator can control the identity detection through any of the protocol trigger at the port level. This configuration can be applied to identity management enabled ports only. ExtremeXOS displays an error if this configuration is applied for the identity management disabled ports.

Note

Note

All types of Netlogin identity will not be detected if the netlogin detection is disabled.

Enabling Kerberos identity detection will not create identities for the previously authenticated Kerberos clients.

Example

* Slot-1 Stack.1 # configure identity-management detection off fdb ports 1:3-6
* Slot-1 Stack.2 # configure identity-management detection off ipsecurity ports 1:3-6
* Slot-1 Stack.3 # configure identity-management detection off kerberos ports 1:1, 2:5-8
* Slot-1 Stack.4 # configure identity-management detection off netlogin ports 1:1-24, 2:1-24
The effect of these commands can be seen by issuing the show identity-management command
* Slot-1 Stack.5 # show identity-management
Identity Management : Enabled
Stale entry age out (effective) : 180 Seconds (180 Seconds)
Max memory size : 512 Kbytes
Enabled ports : 1:1-24, 2:1-24
FDB Detection Disabled ports : 1:3-6
IPARP Detection Disabled ports : None
IPSecurity Detection Disabled ports : 2:1
Kerberos Detection Disabled ports : 1:1, 2:5-8
LLDP Detection Disabled ports : None
Netlogin Detection Disabled ports : 1:1-24, 2:1-24
SNMP trap notification : Enabled
Access list source address type : IP
Kerberos aging time (DD:HH:MM) : 00:08:00
Kerberos force aging time (DD:HH:MM) : None
Valid Kerberos servers : none configured(all valid)

History

This command was first available in ExtremeXOS 15.2.

Platform Availability

This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, and X695 series switches.

9037487-00 Rev AB