MAC-based authentication. (Range: 10-1000000 seconds; Default: 10 seconds)
If the RADIUS server denies a client access, or a RADIUS server request times out
(according to the timeout specified on the AAA menu on page 109), the client is put on
hold in the Unauthorized state. In this state, the hold timer does not count down during an
ongoing authentication.
In MAC-based Authentication mode, the switch will ignore new frames coming from the
client during the hold time.
◆ RADIUS-Assigned QoS Enabled - RADIUS-assigned QoS provides a means to centrally
control the traffic class to which traffic coming from a successfully authenticated
supplicant is assigned on the switch. The RADIUS server must be configured to transmit
special RADIUS attributes to take advantage of this feature.
The RADIUS-Assigned QoS Enabled checkbox provides a quick way to globally
enable/disable RADIUS-server assigned QoS Class functionality. When checked, the
individual port settings determine whether RADIUS-assigned QoS Class is enabled for
that port. When unchecked, RADIUS-server assigned QoS Class is disabled for all ports.
When RADIUS-Assigned QoS is both globally enabled and enabled for a given port, the
switch reacts to QoS Class information carried in the RADIUS Access-Accept packet
transmitted by the RADIUS server when a supplicant is successfully authenticated. If
present and valid, traffic received on the supplicant’s port will be classified to the given
QoS Class. If (re-)authentication fails, the RADIUS Access-Accept packet no longer
carries a QoS Class or carries an invalid one, or the supplicant is otherwise no longer
present on the port, the port's QoS Class is immediately reverted to the original QoS
Class (which the administrator may change in the meantime without affecting the
RADIUS-assigned setting).
This option is only available for single-client modes, i.e. port-based 802.1X and Single
802.1X.
RADIUS Attributes Used in Identifying a QoS Class
The User-Priority-Table attribute defined in RFC 4675 forms the basis for identifying the QoS
Class in an Access-Accept packet.
Only the first occurrence of the attribute in the packet will be considered. To be valid, all 8
octets in the attribute's value must be identical and consist of ASCII characters in the range
'0'-'3', which translates into the desired QoS Class in the range 0-3.
QoS assignments to be applied to a switch port for an authenticated user may be configured
on the RADIUS server as described below:
■ The “Filter-ID” attribute (attribute 11) can be configured on the RADIUS server to pass
the following QoS information: