Deploying an Identity Aware Network
Extreme Networks Application Note
Below is the sample UPM profile used to block all traffic originating from such a device: it creates an ACL that matches the device's source MAC address and applies it to the port on which the device was discovered.
* Slot-1 Stack.290 # show configuration "upm"
#
# Module upm configuration.
#
create upm profile unauth-hostnames
enable cli scripting
configure cli mode non-persistent
if (!$match($EVENT.LOG_EVENT,RecvKerberosTrig)) then
    if ($match($EVENT.LOG_PARAM_6,PRIMECORP) <= 9) then
        create access-list block_computer_$EVENT.LOG_PARAM_6 "ethernet-source-address $EVENT.LOG_PARAM_3" "deny; count unauthorized_devices"
        configure access-list add block_computer_$EVENT.LOG_PARAM_6 first ports $EVENT.LOG_PARAM_4
    endif
endif
.
5.3.2.2. Verifying Profile Triggers and Results of the Script
When the device is discovered via Kerberos snooping, the following messages appear in the EMS log.
* Slot-1 Stack.284 # show log chronological
04/07/2010 00:45:23.97 <Verb:IdMgr.RecvKerberosTrig> Slot-1: Kerberos Discover trigger for
john_smith@PRIMECORP/00:11:43:BF:6A:D0/1:2/1000014, IP 4.4.4.175, NB host "JS-PERSONAL"
04/07/2010 00:45:23.97 <Info:IdMgr.ReauthId> Slot-1: Identity "PRIMECORP\john_smith" with MAC
00:11:43:BF:6A:D0, auth method netloginMac, reauthenticated on port 1:2
04/07/2010 00:45:23.98 <Noti:UPM.Msg.upmMsgExshLaunch> Slot-1: Launched profile unauth-hostnames
for the event log-message
NOTES
Note from these events that the IdMgr.RecvKerberosTrig event contains the MAC address (00:11:43:BF:6A:D0) of the device, the port (1:2) on
which it was discovered, and the NetBIOS hostname (JS-PERSONAL) snooped from the device's Kerberos packets. Note also that the
UPM profile "unauth-hostnames" was launched for that log message, which confirms that the log filter and event trigger are wired up correctly.
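To make the data flow of the profile concrete, the following is an added example in Python; it is not Extreme Networks code and does not run on the switch. It parses IdMgr.RecvKerberosTrig lines like the one above into the fields the profile consumes, applies a hostname check, and renders the two ExtremeXOS commands the profile issues. The page confirms only that the script reads the MAC as $EVENT.LOG_PARAM_3 and the port as $EVENT.LOG_PARAM_4; the field order inside the message, the hostname policy (corporate machines are named PRIMECORP-<asset tag>), the sample log lines and the character set allowed in an ACL name are assumptions, and the exact semantics of the script's $match test are not reproduced.

```python
"""Parse IdMgr.RecvKerberosTrig EMS log lines and derive the blocking ACL
that the 'unauth-hostnames' UPM profile installs for a device whose
NetBIOS hostname fails the corporate naming check.

Added example, not Extreme Networks code. Assumed (not stated on the page):
the field order inside the trigger message, the hostname policy
(must start with PRIMECORP-), and the character set allowed in ACL names.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample EMS log: the first two lines are modelled on the
# application note's output, the third is invented to show a device that
# passes the hostname check.
SAMPLE_LOG = r"""
04/07/2010 00:45:23.97 <Verb:IdMgr.RecvKerberosTrig> Slot-1: Kerberos Discover trigger for john_smith@PRIMECORP/00:11:43:BF:6A:D0/1:2/1000014, IP 4.4.4.175, NB host "JS-PERSONAL"
04/07/2010 00:45:23.97 <Info:IdMgr.ReauthId> Slot-1: Identity "PRIMECORP\john_smith" with MAC 00:11:43:BF:6A:D0, auth method netloginMac, reauthenticated on port 1:2
04/07/2010 00:46:10.12 <Verb:IdMgr.RecvKerberosTrig> Slot-1: Kerberos Discover trigger for jane_doe@PRIMECORP/00:11:43:AA:BB:CC/1:5/1000015, IP 4.4.4.180, NB host "PRIMECORP-L0231"
"""

CORP_HOST_PREFIX = "PRIMECORP"                 # assumed naming convention
SAFE_NAME_CHARS = re.compile(r"[^A-Za-z0-9_-]")  # assumed safe set for ACL names

# Field layout assumed from the message shown on the page.
TRIG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) <Verb:IdMgr\.RecvKerberosTrig> (?P<slot>\S+): "
    r"Kerberos Discover trigger for "
    r"(?P<user>[^@/]+)@(?P<realm>[^/]+)/"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})/"
    r"(?P<port>[^/]+)/(?P<ident>\d+), IP (?P<ip>[\d.]+), "
    r'NB host "(?P<host>[^"]*)"$'
)


@dataclass
class KerberosTrigger:
    timestamp: str
    user: str
    realm: str
    mac: str    # what the page's profile reads as $EVENT.LOG_PARAM_3
    port: str   # what the page's profile reads as $EVENT.LOG_PARAM_4
    ip: str
    host: str   # NetBIOS name snooped from the client's Kerberos traffic


def parse_trigger(line: str) -> Optional[KerberosTrigger]:
    """Return the trigger fields, or None for any other EMS log line."""
    m = TRIG_RE.match(line.strip())
    if not m:
        return None
    return KerberosTrigger(m["ts"], m["user"], m["realm"], m["mac"],
                           m["port"], m["ip"], m["host"])


def is_authorized_hostname(host: str, prefix: str = CORP_HOST_PREFIX) -> bool:
    """Assumed policy: corporate machines are named <prefix>-<asset tag>."""
    return host.upper().startswith(prefix.upper() + "-")


def acl_commands(ev: KerberosTrigger) -> List[str]:
    """ExtremeXOS commands equivalent to the two CLI lines in the UPM profile.

    The hostname is supplied by the client on the wire, so anything outside
    a conservative character set is replaced before it becomes part of an
    ACL name.
    """
    safe_host = SAFE_NAME_CHARS.sub("_", ev.host) or "unknown"
    acl = f"block_computer_{safe_host}"
    return [
        f'create access-list {acl} "ethernet-source-address {ev.mac}" '
        f'"deny; count unauthorized_devices"',
        f"configure access-list add {acl} first ports {ev.port}",
    ]


def process_log(text: str) -> List[Tuple[KerberosTrigger, List[str]]]:
    """Replay the log; return (trigger, commands) for every device blocked."""
    blocked = []
    for line in text.splitlines():
        ev = parse_trigger(line)
        if ev is not None and not is_authorized_hostname(ev.host):
            blocked.append((ev, acl_commands(ev)))
    return blocked


if __name__ == "__main__":
    for ev, cmds in process_log(SAMPLE_LOG):
        print(f"# {ev.timestamp} {ev.user}@{ev.realm} {ev.mac} "
              f"port {ev.port} host {ev.host!r}")
        print("\n".join(cmds))
```

Run stand-alone, the script prints the create/configure pair for JS-PERSONAL only; the PRIMECORP-L0231 device is left alone. The sanitising step is the practitioner's caveat here: the NetBIOS name that ends up in the ACL name is chosen by the endpoint, so a script that interpolates it into CLI commands should constrain it, and the Kerberos user and realm are likewise snooped values rather than an authenticated result.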
The following commands provide the status of execution of the UPM scripts:
* Slot-1 Stack.285 # show upm history
--------------------------------------------------------------------------------
Exec  Event/                Profile          Port  Status  Time Launched
Id    Timer/ Log filter
--------------------------------------------------------------------------------
16    Log-Message(kerberos  unauth-hostname  ---   Pass    2010-04-07 00:45:23
--------------------------------------------------------------------------------
Number of UPM Events in Queue for execution: 0
* Slot-1 Stack.286 # show upm history detail
UPM Profile: unauth-hostnames
Event: Log-Message(kerberosevents)
Profile Execution start time: 2010-04-07 00:45:23
Profile Execution Finish time: 2010-04-07 00:45:24
Execution Identifier: 16 Execution Status: Pass
© 2010 Extreme Networks, Inc. All rights reserved. Identity Aware Network—Page 63