configure identity-management kerberos snooping forwarding

configure identity-management kerberos snooping forwarding [fast-path | slow-path]

Description

When identity management is enabled on a port, Kerberos packets are software-forwarded. With this command, you can report if shared folder access via identity management-enabled ports is slow if there exists other CPU-bound traffic.

Syntax Description

forwarding

Configure how customer Kerberos authentication packets are forwarded by this system.

fast-path

Forward customer snooped Kerberos packets in hardware (default).

slow-path

Forward customer snooped Kerberos packets in software. This option is recommended only for systems with low CPU-bound traffic.

Default

Fast-path.

Usage Guidelines

Use this command to report if shared folder access via identity management-enabled ports is slow if there exists other CPU-bound traffic.

Example

The following show command displays the modified Kerberos information:

# sh identity-management    
Identity Management                   : Enabled   
Stale entry age out (effective)       : 180 Seconds (180 Seconds)   
Max memory size                       : 512 Kbytes   
Enabled ports                         : 1   
SNMP trap notification                : Enabled   
Access list source address type       : MAC   
Kerberos aging time (DD:HH:MM)        : None    
Kerberos force aging time (DD:HH:MM)  : None    
Kerberos snooping forwarding          : Fast path    
Kerberos snooping forwarding          : Slow path    
Valid Kerberos servers                : none configured(all valid)   
LDAP Configuration:   
-------------------   
LDAP Server     : No LDAP Servers configured   
Base-DN         : None    
Bind credential : anonymous        

LDAP Configuration for Netlogin:    
  dot1x         : Enabled     
  mac           : Enabled     
  web-based     : Enabled     

History

This command was first available in ExtremeXOS 15.1.3.

Platform Availability

This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X695, X870, 5320, 5420, and 5520 series switches.