cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

XOS: netlogin on sharing ports

XOS: netlogin on sharing ports

M_Nees
Contributor III
Hi extreme-networks folks,

i want to get some ideas and statements regarding the need of the following feature:

"netlogin on sharing ports"

currently this is not possible (on XOS, EOS support that)!

To attach a server redundant to a switch i use sharing. To authenticate and for documentation issues i use Authentication (netlogin). So from my point of view is very clear to use both feature on the same port. But currently this is not possible.

What do you think about that ?

14 REPLIES 14

M_Nees
Contributor III
Just a second short update!

It is very important that sharing is enabled first! And after that netlogin as a second step (on the sharing master Port only!)

My customer uses Default Policies on every port - so this have to be removed also and than bind after sharing is done to the master port only.

If you wrap the sequence you get these errors: * 10.1.1.206.32 # enable sharing 1 grouping 1-2 algorithm address-based L3_L4 lacp
Error: Load sharing cannnot be enabled on ports (1) configured for Network LogIn
* 10.1.1.206.33 # If there is a Policy bind to the ports: 10.1.1.206.19 # enable sharing 1 grouping 1-2 algorithm address-based L3_L4 lacp
Error: Load sharing cannnot be enabled on ports (1) configured for Policy Convergence Endpoint (convergence-endpoint) or Admin Profile (admin-profile) rules
10.1.1.206.20 # Regards

M_Nees
Contributor III
Just a short update.

Starting with EXOS 22.2 netlogin on sharing ports are possible:
https://gtacknowledge.extremenetworks.com/articles/Q_A/Is-Netlogin-supported-on-lag-ports

Starting with EXOS 22.4 netlogin on m-LAG ports are possible.

Volker_Kull
Contributor
Hello !

In case of future requirements for automation and SDN this funktion will be essential for all this activities. Using NAC/NMS fĆ¼r authentication of servers you can trigger there a lot of actions helping to get a platform for automation on the complete IT infrastructure like the SDN vision.
There will be no difference between access and datacenter ports. ItĀ“s important to have the possibility to use all ports in the same way: authenticate, authorise and trigger actions based on the information from IT infrastructure (NMS, NAC, PV, 3rd-party, ...).

br
Volker

dflouret
Extreme Employee
What about Identity Management? It can detect identities through:
- FDB
- IPARP
- IPSecurity DHCP Snooping
- LLDP
- Netlogin
- Kerberos

This information can then be sent to NetSight to populate the user/host field in Identity and Access entries.

There's a script in NetSight to do this:
#######################################################################################
## The following configuration can be pushed from NetSight OneView Device IDM Script ##
#######################################################################################
enable identity-management
configure identity-management add ports
create xml-notification target netsight-target_ url https://
IP>:8443/axis/services/event vr VR-Mgmt
configure xml-notification target netsight-target_ user root
enable xml-notification netsight-target_
configure xml-notification target netsight-target_ add idMgr
#######################################################################################

GTM-P2G8KFN