Deploying an Identity Aware Network

Recommendations

Info

Extreme Networks Application Note<authMethod>na</authMethod><securityProfile/><securityViolations/><logonStatus>loggedOn</logonStatus><logonTime>1269564501233</logonTime><logOutTime>0</logOutTime><authFailTime>0</authFailTime><vlanInfo><vlan><name>corp</name><ipAddress>192.168.0.155</ipAddress></vlan></vlanInfo><modificationTimestamp>1269564501235</modificationTimestamp></location></object><object xsi:type=”ns2:UserIdentityData”><datasetType>active</datasetType><userName>john _ smith</userName><domain>PRIMECORP</domain><portList>13</portList><modificationTimestamp>1269525752997</modificationTimestamp><eventType>na</eventType><authProtocolsUsed>netloginDot1x</authProtocolsUsed><numOfLocations>1</numOfLocations><creationTimestamp>1269525520047</creationTimestamp><location><port>13</port><portDisplayString/><macAddress>00:0d:88:68:8f:cc</macAddress><lldpCapabilityInfo>0</lldpCapabilityInfo><netBiosHostName/><kerberosSnooping>false</kerberosSnooping><authMethod>netloginDot1x</authMethod><securityProfile/><securityViolations/><logonStatus>loggedOn</logonStatus><logonTime>1269525752979</logonTime><logOutTime>0</logOutTime><authFailTime>0</authFailTime><vlanInfo><vlan><name>corp</name><ipAddress>192.168.0.156</ipAddress></vlan></vlanInfo><modificationTimestamp>1269525788259</modificationTimestamp></location></object><object xsi:type=”ns2:UserIdentityData”><datasetType>active</datasetType><userName>john _ smith</userName><domain>PRIMECORP.COM</domain><portList>13</portList><modificationTimestamp>1269562521505</modificationTimestamp><eventType>na</eventType><authProtocolsUsed>none</authProtocolsUsed><numOfLocations>1</numOfLocations>© 2010 Extreme Networks, Inc. All rights reserved. Identity Aware Network—Page 60
Extreme Networks Application Note<creationTimestamp>1269562521505</creationTimestamp><location><port>13</port><portDisplayString/><macAddress>00:0d:88:68:8f:cc</macAddress><lldpCapabilityInfo>0</lldpCapabilityInfo><netBiosHostName>WORKSTATION1</netBiosHostName><kerberosSnooping>true</kerberosSnooping><authMethod>na</authMethod><securityProfile/><securityViolations/><logonStatus>loggedOn</logonStatus><logonTime>1269562521505</logonTime><logOutTime>0</logOutTime><authFailTime>0</authFailTime><vlanInfo><vlan><name>corp</name><ipAddress>192.168.0.156</ipAddress></vlan></vlanInfo><modificationTimestamp>1269562521505</modificationTimestamp></location></object></objects></switch:getResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>5.2.2. Receiving Unsolicited Identity Events from Edge SwitchesThe previous section explored the method by which an application can periodically monitor for identities being tracked byan edge switch. However in some scenarios, it might be required to receive real-time events about identities from the edgeswitch. This also alleviates the polling/monitoring overhead in the application.ExtremeXOS switches can act as clients and can publish events to preconfigured application servers. Recollect from earlierdiscussions that EPICenter is such an application that can receive unsolicited identity events from edge switches in thenetwork. In order to achieve this, the XML client process will need to be configured on the edge switch. The followinginformation will be required to complete the configuration of XML Client process on the edge switch.Target NameURLCredentialsHelps in uniquely identifying a target application when more than one application is to beintegrated with the XML Client process in ExtremeXOS.For e.g. monitor-authentication-failuresURL of the application to be integrated with, in the network.For e.g. https://10.127.4.202/authfailuresUsername and Password to authenticate with the application. These parameters are notrequired if authentication with the application is not required.For this example, we will consider that no authentication is required for the application.create xml-notification target monitor-authentication-failures urlhttp://10.127.4.202/authfailuresconfigure xml-notification target monitor-authentication-failures user noneenable xml-notification monitor-authentication-failuresconfigure xml-notification target monitor-authentication-failures add idMgr© 2010 Extreme Networks, Inc. All rights reserved. Identity Aware Network—Page 61
Page 1 and 2:
Extreme Networks Application NoteDe
Page 3 and 4:
Extreme Networks Application NoteTa
Page 5 and 6:
Extreme Networks Application Note3.
Page 7 and 8:
Extreme Networks Application Note4.
Page 9 and 10: Extreme Networks Application Note4.
Page 11 and 12: Extreme Networks Application Noteco
Page 13 and 14: Extreme Networks Application NoteSt
Page 31 and 32: Extreme Networks Application NoteTh
Page 35 and 36: Extreme Networks Application Note©
Page 39 and 40: Extreme Networks Application NoteDe
Page 59: Extreme Networks Application Note<r
Page 63 and 64: Extreme Networks Application NoteBe
Page 65 and 66: Extreme Networks Application Note*
Page 67 and 68: Extreme Networks Application NoteTo
show all

Deploying an Identity Aware Network

Create successful ePaper yourself

Delete template?

Save as template?