Enterasys b5

To Next Page

To Previous Page

Configuring Policy Maptable Response

22-52 Authentication and Authorization Configuration

Parameters

Defaults

Ifnoportstringisentered,thestatusforallportswillbedisplayed.

Mode

Switchcommand,read‐only.

Example

ThiscommandshowshowtodisplayVLANauthorizationstatusforge.1.1:

B5(su)->show vlanauthorization ge.1.1

Vlan Authorization: - enabled

port status administrative operational authenticated vlan id

egress egress mac address

------- -------- -------------- ----------- ----------------- -------

ge.1.1 enabled untagged

Table 22‐5providesanexplanationofcommandoutput.Fordetailsonenablingandassigning

protocolandegressattributes,referto“setvlanauthorization”onpage 22‐50and“set

vlanauthorizationegress”onpage 22‐50.

Configuring Policy Maptable Response

Thepolicymaptableresponsefeatureallowsyoutodefinehowthesystemshouldhandle

allowinganauthenticateduserontoaportbasedonthecontentsoftheRADIUSserverAccess‐

Acceptreply.Therearethreepossibleresponsesettings:tunnelmode,policymode,orbothtunnel

andpolicy,alsoknownashybrid

authenticationmode.

Whenthemaptable responseissettotunnelmode,thesystemwillusethetunnelattributesinthe

RADIUSreplytoapplyaVLANtotheauthenticatinguserandwillignoreanyFilter‐IDattributes

intheRADIUSreply.Onthisplatform,whentunnelmodeisconfigured,no

VLAN‐to‐policy

mappingwilloccur.WhenusingVLANauthorization,thepolicymaptableresponseshouldbeset

totunnel(see“ConfiguringVLANAuthorization(RFC3580)” onpage 22‐49).

port‐string (Optional)DisplaysVLANauthenticationstatusforthespecifiedports.If

noportstringisentered,thentheglobalstatusofthe

settingisdisplayed.

Foradetaileddescriptionofpossibleport‐stringvalues,referto“Port

StringSyntaxUsedintheCLI”onpage 7‐1.

Table 22-5 show vlanauthorization Output Details

Output Field What It Displays...

port Port identification

status Port status as assigned by set vlanauthorization command

administrative

egress

Port status as assigned by the set vlanauthorization egress command

operational egress Port operational status of vlanauthorization egress.

authenticated mac

address

If authentication has succeeded, displays the MAC address assigned for egress.

vlan id If authentication has succeeded, displays the assigned VLAN id for ingress.

Main Page

Table of Contents