When identity management is enabled on a port, Kerberos packets are software-forwarded. With this command, you can report if shared folder access via identity management-enabled ports is slow if there exists other CPU-bound traffic.
Configure how customer Kerberos authentication packets are forwarded by this system.
Forward customer snooped Kerberos packets in hardware (default).
Forward customer snooped Kerberos packets in software. This option is recommended only for systems with low CPU-bound traffic.
Use this command to report if shared folder access via identity management-enabled ports is slow if there exists other CPU-bound traffic.
The following show command displays the modified Kerberos information:
# sh identity-management Identity Management : Enabled Stale entry age out (effective) : 180 Seconds (180 Seconds) Max memory size : 512 Kbytes Enabled ports : 1 SNMP trap notification : Enabled Access list source address type : MAC Kerberos aging time (DD:HH:MM) : None Kerberos force aging time (DD:HH:MM) : None Kerberos snooping forwarding : Fast path Kerberos snooping forwarding : Slow path Valid Kerberos servers : none configured(all valid) LDAP Configuration: ------------------- LDAP Server : No LDAP Servers configured Base-DN : None Bind credential : anonymous LDAP Configuration for Netlogin: dot1x : Enabled mac : Enabled web-based : Enabled
This command was first available in ExtremeXOS 15.1.3.
This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, and X695 series switches.