How to configure Identity Management for XoS in NAC Manager

Objective
How to configure Identity Management for XoS in NAC Manager.

If you need to configure IDM for use without NAC (using Extreme Management Center), please reference this article: How to use EXOS and IDM to see end-systems in Netsight without NAC
Environment
  • NetSight Suite NAC Manager
  • XoS Identity Management
Procedure

To run the Identity Management — Configuration script on a device:

  1. Open the Devices tab in OneView
  2. Right-click a Summit series or Black Diamond series switch in the Devices table or in the Device Groups left-hand panel
  3. Select the Identity Management — Configuration script in the Scripts > Identity and Access menu. The Run Script window opens
  4. On the Device Selection tab, the selected device is automatically included. Use the arrows to add additional devices or remove devices and to control the order of the selected devices
  5. Click Next
  6. On the Overview tab of the Device Settings tab, set the configuration properties for the script. If desired, click the Description tab to view the description defined for the script.
     NOTE: To give elevated access to users when using the Kerberos authentication type on the device, the Target Server Type must be nac so that the NAC appliance can learn the Kerberos traffic.
     • Stop on error? — Indicates whether the script stops if an error occurs
     • Target Server IP Address — The IP address to which notifications are sent
       • Entering a value of $serverIP automatically enters the IP address of the NetSight server
       • Enter the IP address of the NAC appliance if using the Extreme Networks NAC solution
     • Target Server Type — Selecting netsight monitors the IP, username, and port of the user accessing the device. Users with the Extreme Networks NAC solution can select nac, which lets you run Kerberos authentication (if enabled) on the device
     • Target Server Username — The username of the user to which the web service request is made
     • Target Server Password — The password of the user to which the web service request is made
     • Target Server HTTPs Port — The port that the NetSight server or NAC appliance uses for HTTPS communication. The default port is 8443, but if the port was changed when configuring the NetSight server or NAC appliance, enter the custom port used
     • XML Target Name — The name of the targets on the switch to which IDM events are sent. Using the default predefined XML Target Name creates a unique name for each server
     • Choose Action — The action that occurs on the device when the script is run
       • Enable ID Monitoring — This option sets up the XML notification, configures ports for Identity Management (if specified), and enables or disables ports for devices you can use with Identity Management
       • Manage Ports — This option only configures ports for Identity Management (if specified)
  7. On the Run-Time Settings tab, set the run-time settings for the script
     • Save configuration in the background after running script successfully — Device configuration is saved after the script is run
     • Timeout if script is not completed on each device (in seconds) — The amount of time in seconds before a timeout occurs if a device does not respond
     • Run now, don’t save as a task — Select to run the script now without saving it as a task
     • Save as a task and run now — Select to run the script now and save it as a task. Type a name for the task in the Task Name box below. The task appears on the Script Tasks tab
     • Save as task. I’ll run later — Select to save the script as a task. The script does not run at this time. Type a name for the task in the Task Name box below. The task appears on the Script Tasks tab
  8. Click Next. On the Verify Run Script tab, verify your script selections, and then click Next
  9. Click Next
  10. On the Results tab, you see the results of the script including any errors
  11. Click Close
Additional notes
If you're trying to enable IDM so the end device's IP shows up in NAC, you also need to perform the steps below.
  1. Enable IDM, as the steps above only configure it.
    1. enable identity-management
    2. configure identity-management add ports <client_port_list>
  2. Enable DHCP snooping.
    1. enable ip-security dhcp-snooping <vlan> ports all violation-action none
