Wireless (General)

Expand all | Collapse all

X460-G2 & Policy Manager: End User Sessions Username missing

  • 1.  X460-G2 & Policy Manager: End User Sessions Username missing

    Posted 08-19-2015 18:20
    Hi Guys,

    I'm playing with EXOS 16.1, X460-G2 and Policy Manager / NAC ( NetSight 6.3) in my LAB and I found something odd.

    When a user authenticates to any port of the X460-G2, in the Policy Manager Network Elements Tab -> Port Usage -> End User Sessions the Username shows as N/A (as Session ID).

    In the old RED gear, it shows as expected but not on the new gear.

    Looking at the X460-G2 console's, using a "show netlogin" the username is there...

    When I added the switch to NAC Manager, it shows up the username with no problems.

    I have customers with large B5's installed base, and some will now start using X450-G2/X460-G2, and many have no NAC, and use PM to find the username authenticated at ports.

    Any ideas? Something still missing in this version?

    Best regards,

    -Leo


  • 2.  RE: X460-G2 & Policy Manager: End User Sessions Username missing

    Posted 06-10-2016 13:16
    Hello guys,

    It's about 10 months and no answer... Any info?

    Now I'm deploying a PoC with X460G2 on a customer large B5 installed base (XOS 21 and ECC 7) and the Username still not showing up...

    Best regards,

    _Leo


  • 3.  RE: X460-G2 & Policy Manager: End User Sessions Username missing

    Posted 08-09-2016 12:43
    Hi guys,

    Any news?

    Best regards,

    -Leo


  • 4.  RE: X460-G2 & Policy Manager: End User Sessions Username missing

    Posted 08-09-2016 18:24
    Leo,

    I think you need to enable identity management(IDM) with Kerberos snooping on the switch in order to get any username information without NAC. I believe Netsight only looks at IDM data and not netlogin data.

    Here is a KCS article on how to setup IDM with Netsight and NAC. It should give you the configurations to use for a non NAC deployment.

    https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configured-Identity-Management-for-...

    User guide link as well:
    http://documentation.extremenetworks.com/exos/EXOS_21_1/Identity_Management/c_configuring-identity-m...

    Let me know if you get it working.

    Stephen



  • 5.  RE: X460-G2 & Policy Manager: End User Sessions Username missing

    Posted 08-15-2016 11:50
    Hi Stephen,

    I've tried following the guide but it still not working (on "OneView" or PM).

    Any ideas?

    Best regards,

    -Leo


  • 6.  RE: X460-G2 & Policy Manager: End User Sessions Username missing

    Posted 08-22-2016 14:29
    Leonardo,

    Thanks for being very patient. I have created a new article just for your situation. Go through it and let me know if it worked for you.

    https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-use-EXOS-and-IDM-to-see-end-systems...

    Stephen



  • 7.  RE: X460-G2 & Policy Manager: End User Sessions Username missing

    Posted 08-25-2016 16:54
    Hi Stephen,

    Thanks for the guide...

    I've double checked the config I've created with your guide and looks the same, but I'm still missing something...

    The "show xml-notification statistics" is showing a "Connection Status: fail"...

    The configured user for xml-notifications can access the Oneview interface.

    Something that can be relevant: the customer's Netsight install don't have a valid certificate (Netsight auto generated cert) configured to accept all certs (server and client).

    Any ideias?

    Best regards



  • 8.  RE: X460-G2 & Policy Manager: End User Sessions Username missing

    Posted 08-25-2016 17:38
    You can try going to the XML url in your PC browser and see if you can login with that user.

    https://x.x.x.x:8443/axis/services/event

    You will see a page like this:

    This XML file does not appear to have any style information associated with it. The document tree is shown below.

    [/code]



  • 9.  RE: X460-G2 & Policy Manager: End User Sessions Username missing

    Posted 08-25-2016 17:46
    I've already tried this tip, and was able to login, but got a "500 Internal Server Error" on Internet Explorer.

    (I couldn't try with another browser, because of the customer's security policy).

    Enabling the Verbose logging for OneView Web Applications, I can see a lot of logs, all coming from the Wireless Controllers, but nothing from the switch.

    Maybe we have some Netsight server problem?

    Best regards,

    -Leo



  • 10.  RE: X460-G2 & Policy Manager: End User Sessions Username missing

    Posted 09-07-2016 11:41
    I got the same thing when using IE. If the password was wrong you would get a 401 message.

    Did you make sure you selected the correct VR when setting up the XML notifications?


  • 11.  RE: X460-G2 & Policy Manager: End User Sessions Username missing

    Posted 07-10-2017 11:00
    Hi Stephen,

    I got back to this issue now, because our long-term EOS customer started to refresh the old gear for X440-G2.

    The same issue arises as happened in my lab... The xml-notification can't connect to the EMC (using the guide posted at the gtacknowledge)... The customer is running EMC 7.1.2.12 and EXOS 21.1.1.4-patch1-5.

    X440-G2-RH-01.8 # sh xml-notification configuration
    Target Name : netsight-target_172.18.1.50
    Server URL : https://172.18.1.50:8443/axis/services/event (VR-Default)
    Server User Name : xmlnotification
    Enabled : yes
    Queue Size : 100
    Connection Status : fail
    Source IP Address : 172.18.3.253
    Configured Modules : idMgr[/code]X440-G2-RH-01.9 # sh xml-notification statistics
    Target Name : netsight-target_172.18.1.50
    Server URL : https://172.18.1.50:8443/axis/services/event
    Server Queue Size : 100
    Enabled : yes
    Connection Status : fail
    Events Received : 5
    Connection Failures : 3
    Events Sent Success : 0
    Events Sent Failed : 5
    Events Dropped : 0[/code]X440-G2-RH-01.14 # sh ssl
    HTTPS Port Number: 443 (Enabled)
    Signature Algorithm configured: sha512 With RSA Encryption
    Private Key matches the Certificate's public key.
    RSA Private Key: 2048
    Certificate:
    Data:
    Version: 3 (0x2)
    Serial Number: 0 (0x0)
    Signature Algorithm: sha512WithRSAEncryption
    Issuer: C=US, O=Extreme Networks, CN=mX440-G2-RH-01
    Validity
    Not Before: Jul 10 12:59:02 2017 GMT
    Not After : Jul 10 12:59:02 2018 GMT
    Subject: C=US, O=Extreme Networks, CN=mX440-G2-RH-01
    Manufacturing certificate: Present[/code]

    In my lab I found the same issue: With the SAME config, on EXOS 21 it can't connect to EMC, but booting to the EXOS 22 it works fine.

    The community and gtacknowledge posts said it works since EXOS 15, and I can't upgrade to EXOS 22 until the next customer maintenance window.

    Any ideas?

    Regards,

    -Leo



  • 12.  RE: X460-G2 & Policy Manager: End User Sessions Username missing

    Posted 08-09-2016 12:43
    Wow...sorry this one has fallen through the cracks Leo.

    We'll make sure we get you a response here.


  • 13.  RE: X460-G2 & Policy Manager: End User Sessions Username missing

    Posted 08-22-2016 14:29
    Hi Stephen,

    I think there is a typo regarding the SSH module in the article. You wrote:
    EXOS 16.2 and 21.1 and older have SSH already installed.
    Should it not be EXOS 16.2 and 21.1 and newer have SSH already installed?

    Thanks,
    Erik


  • 14.  RE: X460-G2 & Policy Manager: End User Sessions Username missing

    Posted 08-22-2016 14:29
    Thanks, good catch! It's fixed now.