Table 7: dynamic qos profiles – LevelOne GSW-4876 User Manual

Page 91

Advertising
background image

C

HAPTER

4

| Configuring the Switch

Configuring Security

– 91 –

RADIUS Attributes Used in Identifying a QoS Class
The User-Priority-Table attribute defined in RFC4675 forms the basis for

identifying the QoS Class in an Access-Accept packet.
Only the first occurrence of the attribute in the packet will be

considered. To be valid, all 8 octets in the attribute's value must be

identical and consist of ASCII characters in the range '0' - '3', which

translates into the desired QoS Class in the range 0-3.
QoS assignments to be applied to a switch port for an authenticated

user may be configured on the RADIUS server as described below:

The “Filter-ID” attribute (attribute 11) can be configured on the

RADIUS server to pass the following QoS information:

Multiple profiles can be specified in the Filter-ID attribute by using a

semicolon to separate each profile.
For example, the attribute “service-policy-in=pp1;rate-limit-

input=100” specifies that the diffserv profile name is “pp1,” and the

ingress rate limit profile value is 100 kbps.

If duplicate profiles are passed in the Filter-ID attribute, then only

the first profile is used.
For example, if the attribute is “service-policy-in=p1;service-policy-

in=p2”, then the switch applies only the DiffServ profile “p1.”

Any unsupported profiles in the Filter-ID attribute are ignored.
For example, if the attribute is “map-ip-dscp=2:3;service-policy-

in=p1,” then the switch ignores the “map-ip-dscp” profile.

When authentication is successful, the dynamic QoS information

may not be passed from the RADIUS server due to one of the

following conditions (authentication result remains unchanged):

The Filter-ID attribute cannot be found to carry the user profile.

The Filter-ID attribute is empty.

The Filter-ID attribute format for dynamic QoS assignment is

unrecognizable (can not recognize the whole Filter-ID attribute).

Dynamic QoS assignment fails and the authentication result

changes from success to failure when the following conditions

occur:

Illegal characters found in a profile value (for example, a non-

digital character in an 802.1p profile value).

Table 7: Dynamic QoS Profiles

Profile

Attribute Syntax

Example

DiffServ

service-policy-in=policy-map-name service-policy-in=p1

Rate Limit

rate-limit-input=rate

rate-limit-input=100

(in units of Kbps)

802.1p

switchport-priority-default=value switchport-priority-default=2

Advertising
Popular Brands
Popular manuals