Chapter 8
| General Security Measures
Network Access (MAC Address Authentication)
– 225 –
Command Mode
Global Configuration
Command Usage
◆ The reauthentication time is a global setting and applies to all ports.
◆ When the reauthentication time expires for a secure MAC address it is
reauthenticated with the RADIUS server. During the reauthentication process
traffic through the port remains unaffected.
Example
Console(config)#mac-authentication reauth-time 300
Console(config)#
network-access
dynamic-qos
Use this command to enable the dynamic QoS feature for an authenticated port.
Use the no form to restore the default.
Syntax
[no] network-access dynamic-qos
Default Setting
Disabled
Command Mode
Interface Configuration
Command Usage
◆ The RADIUS server may optionally return dynamic QoS assignments to be
applied to a switch port for an authenticated user. The “Filter-ID” attribute
(attribute 11) can be configured on the RADIUS server to pass the following
QoS information:
Table 48: Dynamic QoS Profiles
Profile Attribute Syntax Example
DiffServ service-policy-in=policy-map-name service-policy-in=p1
Rate Limit rate-limit-input=rate (Kbps) rate-limit-input=100 (Kbps)
rate-limit-output=rate (Kbps) rate-limit-output=200 (Kbps)
802.1p switchport-priority-default=value switchport-priority-default=2
IP ACL ip-access-group-in=ip-acl-name ip-access-group-in=ipv4acl
IPv6 ACL ipv6-access-group-in=ipv6-acl-name ipv6-access-group-in=ipv6acl
MAC ACL mac-access-group-in=mac-acl-name mac-access-group-in=macAcl
To Next Page
Loading...
