We are using MAC authentication with ExtremeControl and x440-G2 and x460-G2 switches. All columns are populated in the End Systems screen except "User Name". I was told that 802.1x authentication or having users register via a captive portal are two ways to populate that field, but we aren't going to be using either of those. We had previously dabbled with identity management, but had to disable it due to a bug (xos0074493) which is supposedly fixed in XOS 30.2 (not sure we are daring enough to jump to that yet). Is there any way to populate the "User Name" column since we aren't using 802.1x, a captive portal, or enabling identity management at this time? I heard talk of kerberos snooping, but that looks to require identity management.
Best answer by Ryan Yacobucci
I don't have any documentation on detailed steps to set it up.
By default eth0 of the Control appliance should have DHCP/Kerberos snooping enabled. The requirement would be that the network mirror all kerberos (port 88) traffic into the NAC's eth0, or you can split out and use eth1 for DHCP/Kerberos snooping as well.
From the perspective of control the Kerberos snooping configuration is already enabled by default.
It depends on how the Control appliance is situated in your network and if it would be possible to mirror a centralized link that has all Kerberos traffic.