LevelOne FGL-2870 User Manual

Page 171

Advertising
background image

General Security Measures

3-117

3

- The Filter-ID attribute is empty.
- The Filter-ID attribute format for dynamic QoS assignment is unrecognizable

(can not recognize the whole Filter-ID attribute).

• Dynamic QoS assignment fails and the authentication result changes from

success to failure when the following conditions occur:
- Illegal characters found in a profile value (for example, a non-digital character

in an 802.1p profile value).

- Failure to configure the received profiles on the authenticated port.

• When the last user logs off on a port with a dynamic QoS assignment, the switch

restores the original QoS configuration for the port.

• When a user attempts to log into the network with a returned dynamic QoS

profile that is different from users already logged on to the same port, the user
is denied access.

• While a port has an assigned dynamic QoS profile, any manual QoS

configuration changes only take effect after all users have logged off the port.

Note:

All configuration changes for dynamic QoS are not saved to the switch
configuration file.

Configuring the MAC Authentication Reauthentication Time

MAC address authentication is configured on a per-port basis, however there are
two configurable parameters that apply globally to all ports on the switch.

Command Attributes
Authenticated Age – The secure MAC address table aging time. This parameter

setting is the same as switch MAC address table aging time and is only
configurable from the Address Table, Aging Time web page (see page 3-187).
(Default: 300 seconds)

MAC Authentication Reauthentication Time – Sets the time period after which

a connected MAC address must be reauthenticated. When the reauthentication
time expires for a secure MAC address, it is reauthenticated with the RADIUS
server. During the reauthentication process traffic through the port remains
unaffected. (Default: 1800 seconds; Range: 120-1000000 seconds)

MAC Address Aging – Enables aging for authenticated MAC addresses stored in

the secure MAC address table. (Default: Disabled)
Authenticated MAC addresses are stored as dynamic entries in the switch’s secure
MAC address table and are removed when the aging time expires.
The maximum number of secure MAC addresses supported for the switch system
is 1024.

Advertising
Popular Brands
Popular manuals