This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ
- Extreme Networks
- Community List
- Network Management & Authentication
- ExtremeCloud IQ- Site Engine Management Center
- "User Name" column is empty in ExtremeControl - Is...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
"User Name" column is empty in ExtremeControl - Is enabling identity management our only option?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā07-03-2019 08:14 PM
We are using MAC authentication with ExtremeControl and x440-G2 and x460-G2 switches. All columns are populated in the End Systems screen except "User Name". I was told that 802.1x authentication or having users register via a captive portal are two ways to populate that field, but we aren't going to be using either of those. We had previously dabbled with identity management, but had to disable it due to a bug (xos0074493) which is supposedly fixed in XOS 30.2 (not sure we are daring enough to jump to that yet). Is there any way to populate the "User Name" column since we aren't using 802.1x, a captive portal, or enabling identity management at this time? I heard talk of kerberos snooping, but that looks to require identity management.
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā07-06-2019 11:49 PM
Hello,
I don't have any documentation on detailed steps to set it up.
By default eth0 of the Control appliance should have DHCP/Kerberos snooping enabled. The requirement would be that the network mirror all kerberos (port 88) traffic into the NAC's eth0, or you can split out and use eth1 for DHCP/Kerberos snooping as well.
From the perspective of control the Kerberos snooping configuration is already enabled by default.
It depends on how the Control appliance is situated in your network and if it would be possible to mirror a centralized link that has all Kerberos traffic.
Thanks
-Ryan
I don't have any documentation on detailed steps to set it up.
By default eth0 of the Control appliance should have DHCP/Kerberos snooping enabled. The requirement would be that the network mirror all kerberos (port 88) traffic into the NAC's eth0, or you can split out and use eth1 for DHCP/Kerberos snooping as well.
From the perspective of control the Kerberos snooping configuration is already enabled by default.
It depends on how the Control appliance is situated in your network and if it would be possible to mirror a centralized link that has all Kerberos traffic.
Thanks
-Ryan
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā07-06-2019 11:49 PM
Hello,
I don't have any documentation on detailed steps to set it up.
By default eth0 of the Control appliance should have DHCP/Kerberos snooping enabled. The requirement would be that the network mirror all kerberos (port 88) traffic into the NAC's eth0, or you can split out and use eth1 for DHCP/Kerberos snooping as well.
From the perspective of control the Kerberos snooping configuration is already enabled by default.
It depends on how the Control appliance is situated in your network and if it would be possible to mirror a centralized link that has all Kerberos traffic.
Thanks
-Ryan
I don't have any documentation on detailed steps to set it up.
By default eth0 of the Control appliance should have DHCP/Kerberos snooping enabled. The requirement would be that the network mirror all kerberos (port 88) traffic into the NAC's eth0, or you can split out and use eth1 for DHCP/Kerberos snooping as well.
From the perspective of control the Kerberos snooping configuration is already enabled by default.
It depends on how the Control appliance is situated in your network and if it would be possible to mirror a centralized link that has all Kerberos traffic.
Thanks
-Ryan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā07-05-2019 08:05 PM
Do you have a link to the steps to set that up? What I had seen involved the "enable identity-management" command which is then what can trigger an issue related to bug xos0074493.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā07-03-2019 09:20 PM
Hello,
Kerberos snooping on the Control appliance without identity management. The difference is that Identity Management can capture the Kerberos information at the port and sent it though an XML notification while the Control's kerberos solution requires that all Kerberos traffic be mirrored into the Control's eth port.
Control will snooping kerberos traffic and update end systems accordingly. You can create rules based on Kerberos as well. The requirement is that the traffic must be mirrored to Control.
Thanks
-Ryan
Kerberos snooping on the Control appliance without identity management. The difference is that Identity Management can capture the Kerberos information at the port and sent it though an XML notification while the Control's kerberos solution requires that all Kerberos traffic be mirrored into the Control's eth port.
Control will snooping kerberos traffic and update end systems accordingly. You can create rules based on Kerberos as well. The requirement is that the traffic must be mirrored to Control.
Thanks
-Ryan
