Table of Contents
Advertisement
C
OMMAND
◆
◆
E
XAMPLE
Console(config)#mac-authentication reauth-time 300
Console(config)#
Use this command to enable the dynamic QoS feature for an authenticated
network-access
port. Use the no form to restore the default.
dynamic-qos
S
YNTAX
D
EFAULT
Disabled
C
OMMAND
Interface Configuration
C
OMMAND
◆
◆
◆
U
SAGE
The reauthentication time is a global setting and applies to all ports.
When the reauthentication time expires for a secure MAC address it is
reauthenticated with the RADIUS server. During the reauthentication
process traffic through the port remains unaffected.
[no] network-access dynamic-qos
S
ETTING
M
ODE
U
SAGE
The RADIUS server may optionally return dynamic QoS assignments to
be applied to a switch port for an authenticated user. The "Filter-ID"
attribute (attribute 11) can be configured on the RADIUS server to pass
the following QoS information:
Table 80: Dynamic QoS Profiles
Profile
Attribute Syntax
DiffServ
service-policy-in=policy-map-name
Rate Limit
rate-limit-input=rate
802.1p
switchport-priority-default=value
IP ACL
ip-access-group-in=ip-acl-name
IPv6 ACL
ipv6-access-group-in=ipv6-acl-name
MAC ACL
mac-access-group-in=mac-acl-name
When the last user logs off of a port with a dynamic QoS assignment,
the switch restores the original QoS configuration for the port.
When a user attempts to log into the network with a returned dynamic
QoS profile that is different from users already logged on to the same
port, the user is denied access.
– 669 –
| General Security Measures
C
24
HAPTER
Network Access (MAC Address Authentication)
Example
service-policy-in=p1
rate-limit-input=100 (Kbps)
switchport-priority-default=2
ip-access-group-in=ipv4acl
ipv6-access-group-in=ipv6acl
mac-access-group-in=macAcl
- Quick Links:
- Connecting to the Switch
Hide quick links:
Advertisement
Table of Contents
