32-56 Authentication and Authorization Configuration
Parameters
Defaults
If no port string is entered, the status for all ports will be displayed.
Mode
Switch command, read-only.
Example
This command shows how to display VLAN authorization status for ge.1.1:
C3(su)->show vlanauthorization ge.1.1
Vlan Authorization: - enabled
port     status    administrative  operational  authenticated      vlan id
                   egress          egress       mac address
-------  --------  --------------  -----------  -----------------  -------
ge.1.1   enabled   untagged
Table 32-5 provides an explanation of command output. For details on enabling and assigning
protocol and egress attributes, refer to “set vlanauthorization” on page 32-54 and “set
vlanauthorization egress” on page 32-54.
Configuring Policy Maptable Response
The policy maptable response feature allows you to define how the system admits an
authenticated user onto a port based on the contents of the RADIUS server Access-Accept
reply. There are three possible response settings: tunnel mode, policy mode, or both tunnel
and policy, also known as hybrid authentication mode.
When the maptable response is set to tunnel mode, the system will use the tunnel attributes in the
RADIUS reply to apply a VLAN to the authenticating user and will ignore any Filter-ID attributes
in the RADIUS reply. On this platform, when tunnel mode is configured, no VLAN-to-policy
mapping will occur. When using VLAN authorization, the policy maptable response should be set
to tunnel (see “Configuring VLAN Authorization (RFC 3580)” on page 32-53).
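The mode-dependent handling described above, modeled as an added example (not taken from the manual or the switch software). Function names and the sample reply are constructed, tunnel attribute values follow RFC 3580, and the behavior shown for policy and both modes is an assumption inferred from the mode names, since this page only details tunnel mode.

```python
# Added example: which parts of an Access-Accept take effect per maptable response mode.
# Attribute names follow RFC 2865/2868; resolve() and its result fields are hypothetical.

TUNNEL_TYPE_VLAN = 13    # RFC 3580: Tunnel-Type = VLAN
TUNNEL_MEDIUM_802 = 6    # RFC 3580: Tunnel-Medium-Type = IEEE-802


def vlan_from_tunnel_attrs(attrs):
    """Return the VLAN ID if the RFC 3580 tunnel triplet is complete and valid, else None."""
    if attrs.get("Tunnel-Type") != TUNNEL_TYPE_VLAN:
        return None
    if attrs.get("Tunnel-Medium-Type") != TUNNEL_MEDIUM_802:
        return None
    # Simplification: only numeric VLAN IDs are accepted here, not VLAN names.
    group = str(attrs.get("Tunnel-Private-Group-ID", ""))
    if not (group.isascii() and group.isdigit()) or not 1 <= int(group) <= 4094:
        return None
    return int(group)


def resolve(mode, attrs):
    """Report the VLAN and policy applied, plus attributes present but ignored."""
    if mode not in ("tunnel", "policy", "both"):
        raise ValueError(f"unknown maptable response mode: {mode}")
    result = {"vlan": None, "policy": None, "ignored": []}
    vlan = vlan_from_tunnel_attrs(attrs)
    filter_id = attrs.get("Filter-Id")
    if mode in ("tunnel", "both"):
        result["vlan"] = vlan
    elif vlan is not None:
        result["ignored"].append("Tunnel-Private-Group-ID")  # assumption for policy mode
    if mode in ("policy", "both"):                           # assumption: not on this page
        result["policy"] = filter_id
    elif filter_id is not None:
        result["ignored"].append("Filter-Id")  # tunnel mode ignores Filter-ID (per the text)
    return result


# Constructed Access-Accept carrying both tunnel attributes and a Filter-ID.
SAMPLE_ACCEPT = {
    "Tunnel-Type": 13,
    "Tunnel-Medium-Type": 6,
    "Tunnel-Private-Group-ID": "20",
    "Filter-Id": "guest-restricted",
}

if __name__ == "__main__":
    for m in ("tunnel", "policy", "both"):
        print(m, resolve(m, SAMPLE_ACCEPT))
```

A non-empty "ignored" list is the case worth auditing: the RADIUS server is sending authorization data that the configured mode silently drops.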
port-string    (Optional) Displays VLAN authentication status for the specified ports. If
               no port string is entered, then the global status of the setting is displayed.
               For a detailed description of possible port-string values, refer to “Port
               String Syntax Used in the CLI” on page 11-1.
Table 32-5 show vlanauthorization Output Details
Output Field                 What It Displays...
port                         Port identification
status                       Port status as assigned by set vlanauthorization command
administrative egress        Port status as assigned by the set vlanauthorization egress command
operational egress           Port operational status of vlanauthorization egress.
authenticated mac address    If authentication has succeeded, displays the MAC address assigned for egress.
vlan id                      If authentication has succeeded, displays the assigned VLAN id for ingress.