Is nodealias coming to XOS?

  • 1 September 2016
  • 19 replies
  • 627 views

Userlevel 1
I have used Netsight almost every day for the last 5 years to manage our network. Compass and nodealias was one of my best tools to trace workstations/printers/servers using MAC address or IP address to ports with ease.

Now that we are migrating our Enterasys XOS C3/C5 fleet to X460-G2s, I am getting frustrated that I cannot search for devices like I used to.

FDB is only helpful up to a point; the entry times out after the device loses connection with the network.

Userlevel 5
Tino,

As you move into XOS, you can enable Identity Manager on the switch to provide Netsight the same information (MAC, IP and user name). If you are running Netsight 6.3 or later, there is a new option in "Scripting", then "Identity and Access" -> "Identity Management - Configuration". If you run the script, select the switches you want to enable it on, fill out the user/pass for your Netsight server, set the ports (end-user ports only) and set the virtual-router (usually vr-default). Run the script and it will set up IDM on the XOS switch and then push end-station information directly into Netsight, and you will consequently be able to search in Compass. If you want to see it on the switch, run the command "show identity-management entries". If you are running version 21.1.x you will need 21.2, as some change in 21.1 and SSH broke the interface. You can see if the switch is talking to Netsight by using the command "show xml-notification status"; if connected, you are good.

Give it a shot and let me know if you have any questions.

Bill
Userlevel 6
I found this KB in the weekly new GTAC knowledge articles post which covers this in more detail.

Personally I use NAC for this since I've turned on MAC auth for all switch ports.
Userlevel 1
Thank you for that.
Userlevel 1
I will give this a go and feed back. Thank you very much for the prompt answer.
Userlevel 6
Hi,
nodealias is a very good and easy mechanism on EOS switches to provide MAC / IP / hostname (via Compass and NAC).

Identity Manager on EXOS is comparable but has one big disadvantage! EXOS absolutely needs an IP address on every VLAN (where information will be snooped). In a standard config, an L2 switch does NOT have IPs in all VLANs. And most customers are not willing to give all L2 switches IPs in all VLANs.

So from this point of view I hope (and wait) that Extreme will implement / enhance IM in the same way as EOS nodealias gets this information!

Regards
Userlevel 1
Bill, do you know when 21.2 is being released ... I am running 21.1.1.4 patch 5
Userlevel 6
Does 21.2 change anything regarding IDM or nodealias?
Userlevel 1
According to Bill, if you are running version 21.1.x you will need 21.2, as some change in 21.1 and SSH broke the interface.
Userlevel 5
In 21.1-patch1-5 there is a bug with XML notification (requiring SSH) that is fixed in 21.2 or a later patch.
Userlevel 1
Thanks Bill, do we know when that will be available, as I can only see 21.1-patch1-5?
Tino, 21.2.1 has a tentative planned target date of sometime in November, which is subject to change. If you are not already, please sign up for notifications via the Extreme Networks Notifications Service and pick the items you want to be updated on, in this case the ExtremeXOS operating system. Then you will get emailed when the new release comes out.
Userlevel 1
Nice! While I was there I signed up for Netsight and analytics as well.

Thanks for the update.
Userlevel 3
With IDM, if you are after IP-MAC binding without an IP address on the VLAN interface [e.g. without leveraging the ARP table of the switch], enabling DHCP snooping [part of IP security] should do the trick.

The following table in the 21.1 userguide [Table 86: Identity (User/Device) Attributes and Source Software Components] provides which features can be leveraged to get specific information.

Note that you can be in 15.x and still leverage DHCP snooping to get the IP-MAC binding.
Having an IP interface on the VLAN should not be necessary.
Userlevel 6
Nice trick to use DHCP snooping to get this information! That is really new to me!

But at my last 2 customer scenarios I have manufacturing systems with static IPs. This leads to IDM not seeing anything.

If I understand correctly, EOS nodealias looks in some special parts of the packet header and gathers the needed information like IP / MAC / hostname. That works nearly everywhere, there is nothing to keep in mind. It would be very nice if IDM could do that in the same way in a near-future version!

Regards
Any update on this...?
Userlevel 3
There is an open feature request for this.
Userlevel 3
https://community.extremenetworks.com/extreme/topics/extremexos-22-2-is-now-available

Enhance Ease of Use & Serviceability Capabilities
  • Node Alias MIB Discovery of end systems' VLANID, Source MAC, Source IP, Protocol etc. on a per-port basis.
Userlevel 1
Nice! Thanks for informing us Jan.
Is there any chance that this feature will also come to G1 devices (EXOS 16.x)?