Chapter 9
| General Security Measures
Network Access (MAC Address Authentication)
– 321 –
(attribute 11) can be configured on the RADIUS server to pass the following
QoS information:
â—† When the last user logs off of a port with a dynamic QoS assignment, the switch
restores the original QoS configuration for the port.
â—† When a user attempts to log into the network with a returned dynamic QoS
profile that is different from users already logged on to the same port, the user
is denied access.
â—† While a port has an assigned dynamic QoS profile, any manual QoS
configuration changes only take effect after all users have logged off of the
port.
Note:
Any configuration changes for dynamic QoS are not saved to the switch
configuration file.
Example
The following example enables the dynamic QoS feature on port 1.
Console(config)#interface ethernet 1/1
Console(config-if)#network-access dynamic-qos
Console(config-if)#
network-access
dynamic-vlan
Use this command to enable dynamic VLAN assignment for an authenticated port.
Use the no form to disable dynamic VLAN assignment.
Syntax
[no] network-access dynamic-vlan
Default Setting
Enabled
Table 56: Dynamic QoS Profiles
Profile Attribute Syntax Example
DiffServ service-policy-in=policy-map-name service-policy-in=p1
Rate Limit rate-limit-input=rate (kbps) rate-limit-input=100 (kbps)
rate-limit-output=rate (kbps) rate-limit-output=200 (kbps)
802.1p switchport-priority-default=value switchport-priority-default=2
IP ACL ip-access-group-in=ip-acl-name ip-access-group-in=ipv4acl
IPv6 ACL ipv6-access-group-in=ipv6-acl-name ipv6-access-group-in=ipv6acl
MAC ACL mac-access-group-in=mac-acl-name mac-access-group-in=macAcl
To Next Page
Loading...
Need help?
General