Network-access dynamic-qos, Table 4-44, Dynamic qos profiles – LevelOne FGL-2870 User Manual

General Security Measures

4-167

4

Command Mode

Interface Configuration

Command Usage

• The VLAN to be used as the guest VLAN must be defined and set as active

("vlan database" on page 4-298).

• When used with 802.1X authentication, the intrusion-action must be set for

‘guest-vlan’ to be effective (see "dot1x intrusion-action" on page 4-151).

Example

network-access dynamic-qos

Use this command to enable the dynamic QoS feature for an authenticated port.
Use the no form to restore the default.

Syntax

[no] network-access dynamic-qos

Default Setting

Disabled

Command Mode

Interface Configuration

Command Usage

• The RADIUS server may optionally return dynamic QoS assignments to be applied

to a switch port for an authenticated user. The “Filter-ID” attribute (attribute 11) can
be configured on the RADIUS server to pass the following QoS information:

• When the last user logs off of a port with a dynamic QoS assignment, the switch

restores the original QoS configuration for the port.

• When a user attempts to log into the network with a returned dynamic QoS profile

that is different from users already logged on to the same port, the user is denied
access.

• While a port has an assigned dynamic QoS profile, any manual QoS configuration

changes only take effect after all users have logged off of the port.

Console(config)#interface ethernet 1/1
Console(config-if)#network-access guest-vlan 25
Console(config-if)#

Table 4-44 Dynamic QoS Profiles

Profile

Attribute Syntax

Example

DiffServ

service-policy-in=policy-map-name

service-policy-in=p1

Rate Limit

rate-limit-input=rate

rate-limit-input=100 (in units of Kbps)

802.1p

switchport-priority-default=value

switchport-priority-default=2