Table 165 – Brocade Communications Systems Brocade Ethernet Access Switch 6910 User Manual

Brocade 6910 Ethernet Access Switch Configuration Guide

53-1002581-01

Network Access (MAC Address Authentication)

The RADIUS server may optionally return dynamic QoS assignments to be applied to a switch
port for an authenticated user. The “Filter-ID” attribute (attribute 11) can be configured on the
RADIUS server to pass the following QoS information:

Multiple profiles can be specified in the Filter-ID attribute by using a semicolon to separate
each profile.

For example, the attribute “service-policy-in=pp1;rate-limit-input=100” specifies that the
diffserv profile name is “pp1,” and the ingress rate limit profile value is 100 kbps.

If duplicate profiles are passed in the Filter-ID attribute, then only the first profile is used.

For example, if the attribute is “service-policy-in=p1;service-policy-in=p2”, then the switch
applies only the DiffServ profile “p1.”

Any unsupported profiles in the Filter-ID attribute are ignored.

For example, if the attribute is “map-ip-dscp=2:3;service-policy-in=p1,” then the switch ignores
the “map-ip-dscp” profile.

When authentication is successful, the dynamic QoS information may not be passed from the
RADIUS server due to one of the following conditions (authentication result remains
unchanged):

- The Filter-ID attribute cannot be found to carry the user profile.
- The Filter-ID attribute is empty.
- The Filter-ID attribute format for dynamic QoS assignment is unrecognizable (the whole Filter-ID attribute cannot be recognized).

Dynamic QoS assignment fails and the authentication result changes from success to failure
when the following conditions occur:

- Illegal characters are found in a profile value (for example, a non-digit character in an 802.1p profile value).
- The received profiles fail to be configured on the authenticated port.

When the last user logs off on a port with a dynamic QoS assignment, the switch restores the
original QoS configuration for the port.

When a user attempts to log into the network with a returned dynamic QoS profile that is
different from users already logged on to the same port, the user is denied access.

While a port has an assigned dynamic QoS profile, any manual QoS configuration changes only
take effect after all users have logged off the port.

TABLE 165   Dynamic QoS Profiles

Profile     Attribute Syntax                     Example
----------  -----------------------------------  ---------------------------------------
DiffServ    service-policy-in=policy-map-name    service-policy-in=p1
Rate Limit  rate-limit-input=rate                rate-limit-input=100 (in units of Kbps)
802.1p      switchport-priority-default=value    switchport-priority-default=2
IP ACL      ip-access-group-in=ip-acl-name       ip-access-group-in=ipv4acl
IPv6 ACL    ipv6-access-group-in=ipv6-acl-name   ipv6-access-group-in=ipv6acl
MAC ACL     mac-access-group-in=mac-acl-name     mac-access-group-in=macAcl
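The Filter-ID handling rules described above, as an added example that is not part of the Brocade guide: a Python checker a RADIUS administrator can run over a planned Filter-ID value to see which documented outcome it predicts before the value is deployed. The function name, the outcome labels, the name and number patterns, the reading of "unrecognizable" as "an element is not key=value", and treating a value with no supported profile as "no-qos" are assumptions.

```python
import re

# Profile keys come from Table 165. Value patterns are assumptions, except the
# digit-only rule, which the page states for 802.1p values.
NAME = re.compile(r"[^\s;=]+")   # assumed: a name is one non-empty token
DIGITS = re.compile(r"[0-9]+")
PROFILES = {
    "service-policy-in": NAME,
    "rate-limit-input": DIGITS,              # Kbps
    "switchport-priority-default": DIGITS,   # 802.1p
    "ip-access-group-in": NAME,
    "ipv6-access-group-in": NAME,
    "mac-access-group-in": NAME,
}

def evaluate_filter_id(filter_id):
    """Classify one Filter-ID value (None = attribute absent).

    Returns (outcome, profiles, notes); outcome is 'apply', 'no-qos'
    (authentication result unchanged) or 'auth-fail'."""
    if filter_id is None:
        return "no-qos", {}, ["Filter-ID attribute not found"]
    if not filter_id.strip():
        return "no-qos", {}, ["Filter-ID attribute is empty"]
    parts = [p.strip() for p in filter_id.split(";") if p.strip()]
    # Assumed reading of "unrecognizable": some element is not key=value.
    if not parts or any("=" not in p for p in parts):
        return "no-qos", {}, ["Filter-ID format not recognizable"]
    profiles, notes = {}, []
    for part in parts:
        key, value = (s.strip() for s in part.split("=", 1))
        if key not in PROFILES:
            notes.append(f"unsupported profile ignored: {key}")
        elif key in profiles:
            notes.append(f"duplicate ignored, first value kept: {key}")
        elif not PROFILES[key].fullmatch(value):
            return "auth-fail", {}, [f"illegal value for {key}: {value!r}"]
        else:
            profiles[key] = value
    return ("apply" if profiles else "no-qos"), profiles, notes

if __name__ == "__main__":
    # Constructed sample values, including the page's own three examples.
    for sample in ["service-policy-in=pp1;rate-limit-input=100",
                   "service-policy-in=p1;service-policy-in=p2",
                   "map-ip-dscp=2:3;service-policy-in=p1",
                   "switchport-priority-default=2a", "", None]:
        print(repr(sample), "->", evaluate_filter_id(sample))
```

The "auth-fail" outcome is the one to watch for when editing RADIUS user entries, since a single malformed value turns a successful authentication into a denied port.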
