Reset Search



How to use EXOS and IDM to see end-systems in Netsight without NAC

« Go Back


TitleHow to use EXOS and IDM to see end-systems in Netsight without NAC
To configure a EXOS switch to see Identity Management information in Netsight without the requirement of a NAC.

If you have NAC please reference this article: How to configure Identity Management for XoS in NAC Manager
  • Extreme Management (Netsight)
  • EXOS switch
  • Identity Management (IDM)
  • EXOS 15.1+
  • Active Directory
User-added image

  • XOS Identity manager is supported on all XOS devices.  It is important to follow the IDM Configuration guidelines.
  • XOS version 15.1 or better is recommended for IDM configuration with NetSight.
Note: XML notifications are sent incorrectly only in but fixed in 22.2.  Avoid using EXOS if using this article.
  • The XOS SSH module is required to be installed in order to support communication with NetSight.  EXOS 16.2, 21.1 and newer have SSH already installed. 
  • NetSight 6.2 is the minimum version required to support the XOS Identity Manager information.
  • Switch has been configured with basic configuration, including standard IP addressing based on diagram, and SNMP configured.
  • EXOS switch is already discovered in Netsight.
  EXOS Steps:
  1. Configuring and enabling Identity Manager
Note: The ports you are adding to IDM should not include the port connecting to your AD.  In this example of a 24 port switch you would use ports 2-24
configure identity-management add ports <port_list | all>
configure identity-management kerberos snooping add server
enable identity-management
The command "show xml-notification statistics" will confirm your current configuration.
  1. SSL  --  Assuming that the SSH Module has been loaded, the following commands will enable SSL, which is required for IDM information to be sent to NetSight:
enable ssh2
configure ssl certificate privkeylen <1024-4096> country <Country_code> organization <Organization> common-name <common-name>
Note: The command "show ssl" will show you the SSL configuration has been setup.
User-added image
  1. XML Notifications  --  The below configuration needs to be added to the switch to allow for the Identity management information to be sent to NetSight, based on the NetSight topology in this guide.
Explanation of the below commands.
  • is the IP address of Netsight
  • is the IP address of the switch sending information to NetSight
  • In the second  command "user netsight" is the user sending information to NetSight.  This user has to be a Netsight user with admin privileges that is capable of accessing the NetSight OneView interface.  The password will be entered after submitting the command.
create xml-notification target netsight_192.168.1.98 url vr VR-Default
configure xml-notification target netsight_192.168.1.98 user netsight
configure xml-notification target netsight_192.168.1.98 from
enable xml-notification netsight_192.168.1.98
configure xml-notification target netsight_192.168.1.98 add idMgr

Note:  Once the XML configuration has been setup, you can view that this information is being sent to NetSight by running the command:
show xml-notification statistics
User-added image

Now that EXOS is configured you should now be able to login to Netsight and see the End-Systems through OneView.
User-added image         User-added image
Additional notes
The output below should display devices authenticating to AD:

User-added image




Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255