configure identity-management greylist
This command enables a network administrator to choose usernames whose identity is not required to be maintained. These usernames are added to the greylist. The Identity Management module does not create an identity when greylist users log in.
Specifies an identity by user name.
Checks if the same entry is present in the blacklist or whitelist. If it is, the command is rejected with an appropriate error message.
Checks if this entry is ineffective because of existing entries in the blacklist or whitelist. During this check, the precedence of the greylist is also taken into account.
For example, the new entry being configured into the greylist is Richard@corp. Assume the blacklist has higher precedence and it has an entry "Richard". In this case, the new entry is ineffective and the configuration is rejected, giving the details.
If no conflict is found, the greylist is updated.
IDM checks if any existing identity matches the new entry in the greylist. If a match is found, the location/identity is deleted and an unknown identity is created with the same MAC.
If a greylist user is the only user logged into the device, an unknown identity is created and the user is kept in the unauthenticated role. However, if an actual user is present along with the greylist user, no additional policy is applied for the greylist user. The greylist user gets the same access permissions as the actual user who is logged in.
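The checks described above for adding a greylist entry can be modelled as follows. This is an added example, not ExtremeXOS code: the function names, the data layout, and the matching rule (a bare user name covers that user in any domain, inferred from the "Richard" and Richard@corp example) are assumptions.

```python
# Added illustration: models the greylist "add" checks described above.
# Matching rule and data layout are assumptions, not ExtremeXOS internals.

def covers(existing: str, new: str) -> bool:
    """Assumed rule: a bare user name covers that user in any domain,
    as in the page's "Richard" vs "Richard@corp" example."""
    if existing == new:
        return True
    return "@" not in existing and new.split("@", 1)[0] == existing


def add_to_greylist(lists: dict, precedence: list, user: str) -> tuple:
    """Return (accepted, reason); update lists["greylist"] only on success.

    lists:      {"blacklist": set, "whitelist": set, "greylist": set}
    precedence: list names, highest precedence first
    """
    # Check 1: same entry already present in blacklist/whitelist -> reject.
    for name in ("blacklist", "whitelist"):
        if user in lists[name]:
            return False, f"{user} already present in {name}"

    # Check 2: the entry is ineffective if a list with higher precedence
    # than the greylist already covers it.
    grey_rank = precedence.index("greylist")
    for name in precedence[:grey_rank]:
        for entry in sorted(lists[name]):
            if covers(entry, user):
                return False, (f"{user} is ineffective: {name} entry "
                               f"{entry!r} has higher precedence")

    # No conflict: update the greylist.
    lists["greylist"].add(user)
    return True, "greylist updated"


# Constructed sample state mirroring the page's example.
LISTS = {"blacklist": {"Richard"}, "whitelist": {"Alice@corp"}, "greylist": set()}

if __name__ == "__main__":
    # Blacklist ahead of greylist: the bare "Richard" entry shadows the new one.
    print(add_to_greylist(LISTS, ["blacklist", "greylist", "whitelist"], "Richard@corp"))
    # Greylist ahead of blacklist: the same entry is now effective.
    print(add_to_greylist(LISTS, ["greylist", "blacklist", "whitelist"], "Richard@corp"))
```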
When a user deletes an entry from the greylist, the identity manager will:
1. Delete the entry and update the list.
2. Construct the user identity based on NetLogin details, if the deleted username is found in the NetLogin authenticated user database.
The following command adds a username to the greylist:
configure identity-management greylist add user Richard@corp
The following command deletes a username from the greylist:
configure identity-management greylist del user Richard@corp
This command was first available in ExtremeXOS 15.1.
This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.