C
HAPTER
13
| Security Measures
Network Access (MAC Address Authentication)
– 329 –
For example, the attribute “service-policy-in=pp1;rate-limit-
input=100” specifies that the diffserv profile name is “pp1,” and the
ingress rate limit profile value is 100 kbps.
◆ If duplicate profiles are passed in the Filter-ID attribute, then only the
first profile is used.
For example, if the attribute is “service-policy-in=p1;service-policy-
in=p2”, then the switch applies only the DiffServ profile “p1.”
◆ Any unsupported profiles in the Filter-ID attribute are ignored.
For example, if the attribute is “map-ip-dscp=2:3;service-policy-
in=p1,” then the switch ignores the “map-ip-dscp” profile.
◆ When authentication is successful, the dynamic QoS information may
not be passed from the RADIUS server due to one of the following
conditions (authentication result remains unchanged):
■
The Filter-ID attribute cannot be found to carry the user profile.
■
The Filter-ID attribute is empty.
■
The Filter-ID attribute format for dynamic QoS assignment is
unrecognizable (can not recognize the whole Filter-ID attribute).
◆ Dynamic QoS assignment fails and the authentication result changes
from success to failure when the following conditions occur:
■
Illegal characters found in a profile value (for example, a non-digital
character in an 802.1p profile value).
■
Failure to configure the received profiles on the authenticated port.
◆ When the last user logs off on a port with a dynamic QoS assignment,
the switch restores the original QoS configuration for the port.
◆ When a user attempts to log into the network with a returned dynamic
QoS profile that is different from users already logged on to the same
port, the user is denied access.
◆ While a port has an assigned dynamic QoS profile, any manual QoS
configuration changes only take effect after all users have logged off
the port.
To Next Page
Loading...
Need help?
General
