< Home

port (Kerberos snooping profile view)

Function

The port command configures the port number used by a Kerberos server to send packets.

The undo port command restores the default configuration.

By default, a Kerberos server uses port 88 to send packets.

Format

port port-number

undo port

Parameters

Parameter Description Value

port-number

Specifies the port number used by a Kerberos server to send packets.

The value is an integer in the range from 1 to 65535.

Views

Kerberos snooping profile view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When configuring Kerberos snooping, you need to run the port command to configure the port number used by a Kerberos server to send packets. The device identifies the Kerberos packets sent by a Kerberos server based on the configured IP address and port number of the Kerberos server. If the device receives a KRB_AS_REP, KRB_TGS_REP, or KRB_AP_REP packet from the Kerberos server, it considers that the user has been authenticated and allows the user to access network resources.

In addition, the device identifies and allows the Kerberos packets sent by clients to pass through if the destination port number of packets is the port number of a Kerberos server.

Precautions

Ensure that the port number configured on the device is the same as that used by the Kerberos server.

Example

# Set the port number used by the Kerberos server to send packets to 10000.

<HUAWEI> system-view
[HUAWEI] kerberos-snooping-profile name profile1
[HUAWEI-krb-snooping-profile-profile1] port 10000
Parent Topic: Kerberos Snooping Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >