
IdMgr.MoveIdFmEnblToDsblPort Log messages


Justsomebodi
New Contributor III
Hi, does anyone have an idea what caused this message?

Slot-1: Moved the identity "Unknown_xx-xx-xx-xx" with MAC address xx:xx:xx:xx, detected by none, from Identity management enabled port x:x to disabled port 0:2.

The customer has started seeing these on the network. I am aware it is caused by MAC moves, according to this:

http://documentation.extremenetworks.com/ems_catalog_16/EMS_Messages/idmgmt/IdMgr_MoveIdFmEnblToDsbl...

but has anyone else found something else that causes it? The customer has IDM enabled and uses UPM scripts.


Yves_Haslimann
New Contributor III
I have got the same issue.

In my network it occurred when I enabled IDM on a switchport to which an access point is connected. IDM detects the username (Kerberos) on an access port and the access point at the same time, and it seems that's not working.

Michal_Rz
New Contributor III
I have got the same issue; it occurred when I enabled IDM on the switch. It turned out that I have two hosts with the same MAC and IP address on the network at different locations.

The "Identity management enabled port" was an access port
and the "disabled port x" was an uplink which didn't have IDM enabled.

Tripathy__Priya
Extreme Employee
Please let us know if the provided information is enough for you to understand the possible cause of this log message. If you have any further queries, then let us know.

Tripathy__Priya
Extreme Employee
Actually, for Kerberos snooping, clients must have a direct layer 2 connection to the switch; that is, the connection must not cross a layer 3 boundary. If the connection does cross a layer 3 boundary, the gateway's MAC address gets associated with the identity, which in turn may cause these messages. As you said, the customer has already enabled identity management on the ports as well as the UPM script, hence you can always look into the type of events being generated at the time of the issue.

Basically, Identity management events generate corresponding UPM events. The UPM events that are generated include:

● IDENTITY-DETECT
● IDENTITY-UNDETECT
● IDENTITY-ROLE-ASSOCIATE
● IDENTITY-ROLE-DISSOCIATE

But I am not sure if these log messages are still noticed, because Kerberos identities will be cleared immediately if the Aging timer is not configured; otherwise they will be cleared after the Aging timer has expired for this Kerberos identity.

Hope this helps..........
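The following is an added example, not part of the thread and not Extreme's code: a small triage script that groups these log lines by MAC address so the affected port pairs and repeat offenders stand out. The six-octet MAC layout, the sample lines, the identity names and the hint rules are assumptions built from the message text and the causes mentioned in the replies.

```python
import re
from collections import defaultdict

# Regex follows the message text quoted in the question. The six-octet MAC
# layout and every sample value below are constructed for illustration.
MOVE_RE = re.compile(
    r'Moved the identity "(?P<identity>[^"]+)" with MAC address '
    r'(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}), detected by [^,]+, '
    r'from Identity management enabled port (?P<src>\S+) '
    r'to disabled port (?P<dst>[\d:]+)')

def summarize_moves(lines):
    """Group move events by MAC: identities, port pairs and event count."""
    by_mac = defaultdict(lambda: {"identities": set(), "ports": set(), "count": 0})
    for line in lines:
        m = MOVE_RE.search(line)
        if m:
            rec = by_mac[m["mac"].lower()]
            rec["identities"].add(m["identity"])
            rec["ports"].add((m["src"], m["dst"]))
            rec["count"] += 1
    return dict(by_mac)

def triage(summary):
    """Heuristic hints (assumptions drawn from the replies, not vendor logic)."""
    hints = {}
    for mac, rec in summary.items():
        if len(rec["identities"]) > 1:
            hints[mac] = "shared MAC: check for a layer 3 hop (gateway MAC)"
        elif rec["count"] > 1:
            hints[mac] = "repeated moves: check for a duplicate MAC or an AP port"
        else:
            hints[mac] = "single move"
    return hints

def sample_line(identity, mac, src, dst):
    """Build one constructed log line in the format quoted in the question."""
    return (f'Slot-1: Moved the identity "{identity}" with MAC address {mac}, '
            f'detected by none, from Identity management enabled port {src} '
            f'to disabled port {dst}.')

SAMPLE = [
    sample_line("Unknown_00-11-22-33-44-55", "00:11:22:33:44:55", "1:5", "0:2"),
    sample_line("Unknown_00-11-22-33-44-55", "00:11:22:33:44:55", "1:5", "0:2"),
    sample_line("user-a", "00:AA:BB:CC:DD:01", "1:7", "1:48"),
    sample_line("user-b", "00:aa:bb:cc:dd:01", "1:7", "1:48"),
    sample_line("Unknown_00-11-22-33-44-66", "00:11:22:33:44:66", "1:9", "0:2"),
    "Slot-1: unrelated message",
]

if __name__ == "__main__":
    for mac, hint in triage(summarize_moves(SAMPLE)).items():
        print(mac, "->", hint)
```

Feed it the switch log lines one per list element; the hints only point at which cause from the replies to check first and do not confirm it.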
