network-access
Use this command to enable the dynamic QoS feature for an authenticated port.
Use the no form to restore the default.
dynamic-qos
Syntax
Default Setting
Disabled
Command Mode
Interface Configuration
Command Usage
◆
◆
◆
◆
Note:
configuration file.
[no] network-access dynamic-qos
The RADIUS server may optionally return dynamic QoS assignments to be
applied to a switch port for an authenticated user. The "Filter-ID" attribute
(attribute 11) can be configured on the RADIUS server to pass the following
QoS information:
Table 51: Dynamic QoS Profiles
Profile
Attribute Syntax
DiffServ
service-policy-in=policy-map-name
Rate Limit
rate-limit-input=rate
802.1p
switchport-priority-default=value
IP ACL
ip-access-group-in=ip-acl-name
IPv6 ACL
ipv6-access-group-in=ipv6-acl-name
MAC ACL
mac-access-group-in=mac-acl-name
When the last user logs off of a port with a dynamic QoS assignment, the switch
restores the original QoS configuration for the port.
When a user attempts to log into the network with a returned dynamic QoS
profile that is different from users already logged on to the same port, the user
is denied access.
While a port has an assigned dynamic QoS profile, any manual QoS
configuration changes only take effect after all users have logged off of the
port.
Any configuration changes for dynamic QoS are not saved to the switch
– 253 –
Chapter 8
| General Security Measures
Network Access (MAC Address Authentication)
Example
service-policy-in=p1
rate-limit-input=100 (Kbps)
switchport-priority-default=2
ip-access-group-in=ipv4acl
ipv6-access-group-in=ipv6acl
mac-access-group-in=macAcl