SMC Networks SMCGS10C-SMART Management Manual page 82

| Configuring the Switch
C 4
HAPTER
Configuring Security
For example, the attribute "service-policy-in=pp1;rate-limit-
input=100" specifies that the diffserv profile name is "pp1," and the
ingress rate limit profile value is 100 kbps.
If duplicate profiles are passed in the Filter-ID attribute, then only
■
the first profile is used.
For example, if the attribute is "service-policy-in=p1;service-policy-
in=p2", then the switch applies only the DiffServ profile "p1."
Any unsupported profiles in the Filter-ID attribute are ignored.
■
For example, if the attribute is "map-ip-dscp=2:3;service-policy-
in=p1," then the switch ignores the "map-ip-dscp" profile.
When authentication is successful, the dynamic QoS information
■
may not be passed from the RADIUS server due to one of the
following conditions (authentication result remains unchanged):
The Filter-ID attribute cannot be found to carry the user profile.
■
The Filter-ID attribute is empty.
■
The Filter-ID attribute format for dynamic QoS assignment is
■
unrecognizable (can not recognize the whole Filter-ID attribute).
Dynamic QoS assignment fails and the authentication result
■
changes from success to failure when the following conditions
occur:
Illegal characters found in a profile value (for example, a non-
■
digital character in an 802.1p profile value).
Failure to configure the received profiles on the authenticated
■
port.
When the last user logs off on a port with a dynamic QoS
■
assignment, the switch restores the original QoS configuration for
the port.
When a user attempts to log into the network with a returned
■
dynamic QoS profile that is different from users already logged on
to the same port, the user is denied access.
While a port has an assigned dynamic QoS profile, any manual QoS
■
configuration changes only take effect after all users have logged
off the port.
RADIUS-Assigned VLAN Enabled - RADIUS-assigned VLAN provides
◆
a means to centrally control the VLAN on which a successfully
authenticated supplicant is placed on the switch. Incoming traffic will
be classified to and switched on the RADIUS-assigned VLAN. The
RADIUS server must be configured to transmit special RADIUS
attributes to take advantage of this feature.
The "RADIUS-Assigned VLAN Enabled" checkbox provides a quick way
to globally enable/disable RADIUS-server assigned VLAN functionality.
When checked, the individual port settings determine whether RADIUS-
– 82 –