Switch User Manual

ManualsBrandsEnterasys Networks ManualsSwitchSECURESTACK 9034313-07

791

792

793

794

795

796

797

798

799

800

Configuring Policy Maptable Response

26-52 Authentication and Authorization Configuration

Parameters

Defaults

Ifnoportstringisentered,thestatusforallportswillbedisplayed.

Mode

Switchcommand,read‐only.

Example

ThiscommandshowshowtodisplayVLANauthorizationstatusfor ge.1.1:

C3(su)->show vlanauthorization ge.1.1

Vlan Authorization: - enabled

port status administrative operational authenticated vlan id

egress egress mac address

------- -------- -------------- ----------- ----------------- -------

ge.1.1 enabled untagged

Table 26‐5providesanexplanationofcommandoutput.Fordetailsonenablingandassigning

protocolandegressattributes,referto“setvlanauthorization”onpage 26‐50and“set

vlanauthorizationegress”onpage 26‐50.

Configuring Policy Maptable Response

Thepolicymaptableresponsefeatureallowsyoutodefinehowthesystemshould handle

allowinganauthenticateduserontoaportbasedonthecontentsoftheRADIUSserverAccess‐

Acceptreply.Therearethreepossibleresponsesettings:tunnelmode,policymode,orbothtunnel

andpolicy,alsoknownashybrid

authenticationmode.

Whenthemaptableresponseissettotunnelmode,thesystemwillusethetunnelattributesinthe

RADIUSreplytoapplyaVLANtotheauthenticatinguserandwillignoreanyFilter‐IDattributes

intheRADIUSreply.Onthisplatform,whentunnelmodeisconfigured,no

VLAN‐to‐policy

mappingwilloccur.WhenusingVLANauthorization,thepolicymaptableresponseshouldbeset

totunnel(see“ConfiguringVLANAuthorization(RFC3580)” onpage 26‐49).

port‐string (Optional)DisplaysVLANauthenticationstatusforthespecifiedports.If

noportstringisentered,thentheglobalstatusofthe

settingisdisplayed.

Foradetaileddescriptionofpossibleport‐stringvalues,referto“Port

StringSyntaxUsedintheCLI”onpage 7‐1.

Table 26-5 show vlanauthorization Output Details

Output Field What It Displays...

port Port identification

status Port status as assigned by set vlanauthorization command

administrative

egress

Port status as assigned by the set vlanauthorization egress command

operational egress Port operational status of vlanauthorization egress.

authenticated mac

address

If authentication has succeeded, displays the MAC address assigned for egress.

vlan id If authentication has succeeded, displays the assigned VLAN id for ingress.