Deploying an Identity Aware Network
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Extreme Networks Application Note
Execution Information:
2 # enable cli scripting
3 # configure cli mode non-persistent
4 # set var EVENT.NAME LOG _ MESSAGE
5 # set var EVENT.LOG _ FILTER _ NAME “kerberosevents”
6 # set var EVENT.LOG _ DATE “04/07/2010”
7 # set var EVENT.LOG _ TIME “01:39:23.44”
8 # set var EVENT.LOG _ COMPONENT _ SUBCOMPONENT “IdMgr”
9 # set var EVENT.LOG _ EVENT “RecvKerberosTrig”
10 # set var EVENT.LOG _ SEVERITY “Debug-Verbose”
11 # set var EVENT.LOG _ MESSAGE “Kerberos %0% trigger for %1%@%2%/%3%/%4%/%5%, IP %7%, NB host
‘%6%’”
12 # set var EVENT.LOG _ PARAM _ 0 “Discover”
13 # set var EVENT.LOG _ PARAM _ 1 “john _ smith”
14 # set var EVENT.LOG _ PARAM _ 2 “PRIMECORP”
15 # set var EVENT.LOG _ PARAM _ 3 “00:11:43:BF:6A:D0”
16 # set var EVENT.LOG _ PARAM _ 4 “1:2”
17 # set var EVENT.LOG _ PARAM _ 5 “1000014”
18 # set var EVENT.LOG _ PARAM _ 6 “JS-PERSONAL”
19 # set var EVENT.LOG _ PARAM _ 7 “4.4.4.175”
20 # set var EVENT.PROFILE unauth-hostnames
21 # set var DISCOVERED _ VLAN corp
22 # set var UNAUTH _ VLAN unauthvlan
23 # enable cli scripting
24 # configure cli mode non-persistent
25 # if (!$match($EVENT.LOG _ EVENT,RecvKerberosTrig)) then
26 # if ($match($EVENT.LOG _ PARAM _ 6,PRIMECORP) <= 9) then
27 # configure vlan $DISCOVERED _ VLAN delete ports $EVENT.LOG _ PARAM _ 4
28 # configure vlan $UNAUTH _ VLAN add ports $EVENT.LOG _ PARAM _ 4
29 # endif
30 # endif
--------------------------------------------------------------------------------
Number of UPM Events in Queue for execution: 0
* Slot-1 Stack.119 # show vlan
---------------------------------------------------------------------------------------
Name VID Protocol Addr Flags Proto Ports Virtual
Active router
/Total
---------------------------------------------------------------------------------------
corp 2 4.4.4.1 /24 ------------------------ ANY 1 /1 VR-Default
Default 1 -------------------------------------------- ANY 0 /0 VR-Default
Mgmt 4095 10.127.1.129 /24 ------------------------ ANY 1 /1 VR-Mgmt
nlvlan 7 ----------------------LN-------------------- ANY 0 /0 VR-Default
unauthvlan 10 -------------------------------------------- ANY 1 /1 VR-Default
---------------------------------------------------------------------------------------
Flags : (B) BFD Enabled, (c) 802.1ad customer VLAN, (C) EAPS Control VLAN,
(d) NetLogin Dynamically created VLAN, (D) VLAN Admin Disabled,
(E) ESRP Enabled, (f) IP Forwarding Enabled,
(F) Learning Disabled, (i) ISIS Enabled, (L) Loopback Enabled,
(l) MPLS Enabled, (m) IPmc Forwarding Enabled,
(M) Translation Member VLAN or Subscriber VLAN,
(n) IP Multinetting Enabled, (N) Network Login VLAN, (o) OSPF Enabled,
(O) Flooding Disabled, (p) PIM Enabled, (P) EAPS protected VLAN,
(r) RIP Enabled, (R) Sub-VLAN IP Range Configured,
(s) Sub-VLAN, (S) Super-VLAN, (t) Translation VLAN or Network VLAN,
(T) Member of STP Domain, (V) VPLS Enabled, (v) VRRP Enabled,
© 2010 Extreme Networks, Inc. All rights reserved. Identity Aware Network—Page 66