How to use EXOS and IDM to see end-systems in Netsight without NAC

Objective
To configure an EXOS switch so that Identity Management information is visible in Netsight without requiring NAC.
Environment
  • Extreme Management (Netsight)
  • EXOS switch
  • Identity Management (IDM)
  • EXOS 51.1+
  • Active Directory
 
Topology:

 
Procedure
Prerequisites:
  • XOS Identity manager is supported on all XOS devices.  It is important to follow the IDM Configuration guidelines.
  • XOS version 15.1 or better is recommended for IDM configuration with NetSight.
  • The XOS SSH module is required to be installed in order to support communication with NetSight.  EXOS 16.2, 21.1 and newer have SSH already installed. 
  • NetSight 6.2 is the minimum version required to support the XOS Identity Manager information.
  • Switch has been configured with basic configuration, including standard IP addressing based on diagram, and SNMP configured.
  • EXOS switch is already discovered in Netsight.
  EXOS Steps:
  1. Configuring and enabling Identity Manager
Note: The ports you add to IDM should not include the port connecting to your AD. In this example, on a 24-port switch, you would use ports 2-24.
configure identity-management add ports <port_list | all>
configure identity-management kerberos snooping add server 192.168.1.97
enable identity-management
The command "show xml-notification statistics" will confirm your current configuration.
 
  2. SSL -- Assuming that the SSH module has been loaded, the following commands will enable SSL, which is required for IDM information to be sent to NetSight:
enable ssh2
configure ssl certificate privkeylen <1024-4096> country <Country_code> organization <Organization> common-name <common-name>
Note: The command "show ssl" will show that the SSL configuration has been set up.
  3. XML Notifications -- The configuration below needs to be added to the switch so that the Identity Management information is sent to NetSight, based on the NetSight topology in this guide.
Explanation of the commands below:
  • 192.168.1.98 is the IP address of Netsight
  • 192.168.1.132 is the IP address of the switch sending information to NetSight
  • In the second command, "user netsight" is the user sending information to NetSight. This user has to be a Netsight user with admin privileges who can access the NetSight OneView interface. The password will be entered after submitting the command.
 
create xml-notification target netsight_192.168.1.98 url https://192.168.1.98:8443/axis/services/event vr VR-Default
configure xml-notification target netsight_192.168.1.98 user netsight
configure xml-notification target netsight_192.168.1.98 from 192.168.1.132
enable xml-notification netsight_192.168.1.98
configure xml-notification target netsight_192.168.1.98 add idMgr

Note: Once the XML configuration has been set up, you can verify that this information is being sent to NetSight by running the command:
 
show xml-notification statistics


 
Now that EXOS is configured, you should be able to log in to Netsight and see the End-Systems through OneView.
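
A pre-deployment check for the EXOS steps above, as an added example that is not part of the original article or of Extreme's tooling: it parses a command script built from this article's commands and reports settings that would weaken or break the IDM feed to NetSight. The sample script, the country/organization/common-name values, the audit function and the 2048-bit minimum key length are assumptions of this example.

```python
import re

# Constructed sample: this article's commands as a change script, placeholders filled with made-up values.
SAMPLE = """\
configure identity-management add ports 2-24
configure identity-management kerberos snooping add server 192.168.1.97
enable identity-management
enable ssh2
configure ssl certificate privkeylen 1024 country US organization Example common-name sw1.example.com
create xml-notification target netsight_192.168.1.98 url https://192.168.1.98:8443/axis/services/event vr VR-Default
configure xml-notification target netsight_192.168.1.98 user netsight
configure xml-notification target netsight_192.168.1.98 from 192.168.1.132
enable xml-notification netsight_192.168.1.98
configure xml-notification target netsight_192.168.1.98 add idMgr
"""
MIN_KEY_BITS = 2048  # assumption of this example; the article only gives the range 1024-4096

def audit(script):
    """Return a list of findings for an IDM-to-NetSight command script."""
    lines = [l.strip() for l in script.splitlines() if l.strip()]
    text = "\n".join(lines)
    findings = [f"missing: {c}" for c in ("enable identity-management", "enable ssh2") if c not in lines]
    if re.search(r"^configure identity-management add ports all$", text, re.M):
        findings.append("IDM ports 'all' includes the port facing the AD server")
    m = re.search(r"^configure ssl certificate privkeylen (\d+)\b", text, re.M)
    if not m:
        findings.append("missing: configure ssl certificate")
    elif int(m.group(1)) < MIN_KEY_BITS:
        findings.append(f"privkeylen {m.group(1)} is below {MIN_KEY_BITS}")
    targets = re.findall(r"^create xml-notification target (\S+) url (\S+)", text, re.M)
    if not targets:
        findings.append("missing: create xml-notification target")
    for name, url in targets:
        prefix = f"configure xml-notification target {name} "
        if not url.lower().startswith("https://"):
            findings.append(f"{name}: url is not https")
        if not any(l.startswith(prefix + "user ") for l in lines):
            findings.append(f"{name}: no user configured")
        if prefix + "add idMgr" not in lines:
            findings.append(f"{name}: idMgr events not added")
        if f"enable xml-notification {name}" not in lines:
            findings.append(f"{name}: target not enabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Because the XML notification target authenticates as a NetSight admin user, the https check matters most: a plain http URL would send that credential and the identity events unencrypted.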
 
Additional notes
The output below should display devices authenticating to AD:



 
