EasyManua.ls Logo

Edge-Core ES3528MV2 - Table 19: Dynamic Qos Profiles

Edge-Core ES3528MV2
1480 pages
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
C
HAPTER
13
| Security Measures
Network Access (MAC Address Authentication)
– 330 –
The RADIUS server may optionally return a VLAN identifier list to be
applied to the switch port. The following attributes need to be
configured on the RADIUS server.
Tunnel-Type = VLAN
Tunnel-Medium-Type = 802
Tunnel-Private-Group-ID = 1u,2t [VLAN ID list]
The VLAN identifier list is carried in the RADIUS “Tunnel-Private-Group-
ID” attribute. The VLAN list can contain multiple VLAN identifiers in the
format “1u,2t,3u” where “u” indicates an untagged VLAN and “t” a
tagged VLAN.
The RADIUS server may optionally return dynamic QoS assignments to
be applied to a switch port for an authenticated user. The “Filter-ID”
attribute (attribute 11) can be configured on the RADIUS server to pass
the following QoS information:
Multiple profiles can be specified in the Filter-ID attribute by using a
semicolon to separate each profile.
For example, the attribute “service-policy-in=pp1;rate-limit-
input=100” specifies that the diffserv profile name is “pp1,” and the
ingress rate limit profile value is 100 kbps.
If duplicate profiles are passed in the Filter-ID attribute, then only the
first profile is used.
For example, if the attribute is “service-policy-in=p1;service-policy-
in=p2”, then the switch applies only the DiffServ profile “p1.
Any unsupported profiles in the Filter-ID attribute are ignored.
For example, if the attribute is “map-ip-dscp=2:3;service-policy-
in=p1,then the switch ignores the “map-ip-dscp” profile.
When authentication is successful, the dynamic QoS information may
not be passed from the RADIUS server due to one of the following
conditions (authentication result remains unchanged):
The Filter-ID attribute cannot be found to carry the user profile.
The Filter-ID attribute is empty.
Table 19: Dynamic QoS Profiles
Profile Attribute Syntax Example
DiffServ service-policy-in=policy-map-name service-policy-in=p1
Rate Limit rate-limit-input=rate rate-limit-input=100
(in units of Kbps)
802.1p switchport-priority-default=value switchport-priority-default=2
IP ACL ip-access-group-in=ip-acl-name ip-access-group-in=ipv4acl
IPv6 ACL ipv6-access-group-in=ipv6-acl-name ipv6-access-group-in=ipv6acl
MAC ACL mac-access-group-in=mac-acl-name mac-access-group-in=macAcl

Table of Contents

Related product manuals