When identity management is enabled on a port, Kerberos packets are software-forwarded. With this command, you can report if shared folder access via identity management-enabled ports is slow if there exists other CPU-bound traffic.
forwarding |
Configure how customer Kerberos authentication packets are forwarded by this system. |
fast-path |
Forward customer snooped Kerberos packets in hardware (default). |
slow-path |
Forward customer snooped Kerberos packets in software. This option is recommended only for systems with low CPU-bound traffic. |
Fast-path.
Use this command to report if shared folder access via identity management-enabled ports is slow if there exists other CPU-bound traffic.
The following show command displays the modified Kerberos information:
# sh identity-management Identity Management : Enabled Stale entry age out (effective) : 180 Seconds (180 Seconds) Max memory size : 512 Kbytes Enabled ports : 1 SNMP trap notification : Enabled Access list source address type : MAC Kerberos aging time (DD:HH:MM) : None Kerberos force aging time (DD:HH:MM) : None Kerberos snooping forwarding : Fast path Kerberos snooping forwarding : Slow path Valid Kerberos servers : none configured(all valid) LDAP Configuration: ------------------- LDAP Server : No LDAP Servers configured Base-DN : None Bind credential : anonymous LDAP Configuration for Netlogin: dot1x : Enabled mac : Enabled web-based : Enabled
This command was first available in ExtremeXOS 15.1.3.
This command is available on the ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X695, and X870 series switches.