C
HAPTER
4
| Configuring the Switch
Configuring Security
– 89 –
whether RADIUS-assigned QoS Class is enabled for that port. When
unchecked, RADIUS-server assigned QoS Class is disabled for all ports.
When RADIUS-Assigned QoS is both globally enabled and enabled for a
given port, the switch reacts to QoS Class information carried in the
RADIUS Access-Accept packet transmitted by the RADIUS server when
a supplicant is successfully authenticated. If present and valid, traffic
received on the supplicant’s port will be classified to the given QoS
Class. If (re-)authentication fails or the RADIUS Access-Accept packet
no longer carries a QoS Class or it's invalid, or the supplicant is
otherwise no longer present on the port, the port's QoS Class is
immediately reverted to the original QoS Class (which may be changed
by the administrator in the meanwhile without affecting the RADIUS-
assigned setting).
This option is only available for single-client modes, i.e. port-based
802.1X and Single 802.1X.
RADIUS Attributes Used in Identifying a QoS Class
The User-Priority-Table attribute defined in RFC4675 forms the basis for
identifying the QoS Class in an Access-Accept packet.
Only the first occurrence of the attribute in the packet will be
considered. To be valid, all 8 octets in the attribute's value must be
identical and consist of ASCII characters in the range '0' - '3', which
translates into the desired QoS Class in the range 0-3.
QoS assignments to be applied to a switch port for an authenticated
user may be configured on the RADIUS server as described below:
■
The “Filter-ID” attribute (attribute 11) can be configured on the
RADIUS server to pass the following QoS information:
■
Multiple profiles can be specified in the Filter-ID attribute by using a
semicolon to separate each profile.
For example, the attribute “service-policy-in=pp1;rate-limit-
input=100” specifies that the diffserv profile name is “pp1,” and the
ingress rate limit profile value is 100 kbps.
■
If duplicate profiles are passed in the Filter-ID attribute, then only
the first profile is used.
For example, if the attribute is “service-policy-in=p1;service-policy-
in=p2”, then the switch applies only the DiffServ profile “p1.”
■
Any unsupported profiles in the Filter-ID attribute are ignored.
Table 7: Dynamic QoS Profiles
Profile
Attribute Syntax
Example
DiffServ
service-policy-in
=
policy-map-name
service-policy-in=p1
Rate Limit
rate-limit-input
=
rate
rate-limit-input=100
(in units of Kbps)
802.1p
switchport-priority-default
=
value
switchport-priority-default=2
Summary of Contents for GEP-5070
Page 1: ...GEP 5070 48 GE PoE Plus 2 GE SFP L2 Managed Switch User Manual V1 0...
Page 2: ......
Page 4: ......
Page 6: ...ABOUT THIS GUIDE 6...
Page 18: ...FIGURES 18...
Page 20: ...TABLES 20...
Page 22: ...SECTION I Getting Started 22...
Page 34: ...SECTION II Web Configuration 34...
Page 217: ...CHAPTER 4 Configuring the Switch Configuring sFlow 217 Figure 96 sFlow Configuration...
Page 218: ...CHAPTER 4 Configuring the Switch Configuring sFlow 218...
Page 286: ...CHAPTER 6 Performing Basic Diagnostics Running Cable Diagnostics 286...
Page 292: ...CHAPTER 7 Performing System Maintenance Managing Configuration Files 292...
Page 294: ...SECTION III Appendices 294...
Page 312: ...GLOSSARY 312...
Page 317: ......
Page 318: ...GEP 5070 E042013 ST R01...