Identity-management shows only few users and hostnames per stack - how to made it to show them all?

  • 0
  • 1
  • Problem
  • Updated 1 year ago
  • Solved
Hello, everybody!

I have a stack of 5 summits X460-48t where identity-management was enabled yesterday. Almost all the ports are enabled and client PCs (Windows, domain members) are connected to them. In about 12 hours I got approximately 30 entries (please, see the attached jpg), however, most of the ports are still "unauthenticated".

Is there any solution how to see windows username and hostname of the active PC, attached to the port? Now I see only domain, hostname, IP and MAC. But why do I see just few of them? There are about 250 ports total in the stack!

Please, share your ideas about the issue.

Many thanks in advance,

Ilya

Photo of Ilya Semenov

Ilya Semenov

  • 4,408 Points 4k badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Tony Thornton

Tony Thornton, Extreme Alumnus

  • 1,412 Points 1k badge 2x thumb
Hi Illya,

Do you see the information you are looking for if you enter the command "show identity-management entries detail"?

From the CLI reference guide:

The displayed Domain Name is displayed only if the client is discovered through Kerberos snooping or Dot1x and the domain name is supplied in the form of domain\user). The NetBIOS hostname is only displayed if this information was present in the Kerberos packets.


Regards
Tony
Photo of Ilya Semenov

Ilya Semenov

  • 4,384 Points 4k badge 2x thumb
Hello, Tony!

Thank you for reply. It's very uncomfortable to get info from ~240 ports with "show identity-management entries detail" command because of huge output, strings from "show identity-management entries" are much better, it's just compact.

At the moment, I've partially solved the problem by adding IPs of all Active Directory DCs. Now it's about hundred ports for which I can see IP, MAC, domain and hostname per stack.

The strange things remain - from hundred authenticated hosts there are only few with accountName. I mean, for most ports I see IP, MAC, domainname, hostname, but very rare - usernames like DOMAIN\username.

There is a question appeared: may I bring the collected data to Netsight\OneView? It would be better to work with this data in browser...

Thank you very much! 
Photo of Tony Thornton

Tony Thornton, Extreme Alumnus

  • 1,412 Points 1k badge 2x thumb
Illya,

You're welcome.  I assume you may be able to get this information in a Flexview in OneView.  However, I don't know how to do that.  Maybe another forum user may be able to help with that.

Regards
Tony