beautypg.com

Configuring global settings for network access – LevelOne GTL-2691 User Manual

Page 332

background image

C

HAPTER

13

| Security Measures

Network Access (MAC Address Authentication)

– 332 –

For example, if the attribute is “service-policy-in=p1;service-policy-

in=p2”, then the switch applies only the DiffServ profile “p1.”

Any unsupported profiles in the Filter-ID attribute are ignored.
For example, if the attribute is “map-ip-dscp=2:3;service-policy-

in=p1,” then the switch ignores the “map-ip-dscp” profile.

When authentication is successful, the dynamic QoS information may

not be passed from the RADIUS server due to one of the following

conditions (authentication result remains unchanged):

The Filter-ID attribute cannot be found to carry the user profile.

The Filter-ID attribute is empty.

The Filter-ID attribute format for dynamic QoS assignment is

unrecognizable (can not recognize the whole Filter-ID attribute).

Dynamic QoS assignment fails and the authentication result changes

from success to failure when the following conditions occur:

Illegal characters found in a profile value (for example, a non-digital

character in an 802.1p profile value).

Failure to configure the received profiles on the authenticated port.

When the last user logs off on a port with a dynamic QoS assignment,

the switch restores the original QoS configuration for the port.

When a user attempts to log into the network with a returned dynamic

QoS profile that is different from users already logged on to the same

port, the user is denied access.

While a port has an assigned dynamic QoS profile, any manual QoS

configuration changes only take effect after all users have logged off

the port.

C

ONFIGURING

G

LOBAL

S

ETTINGS

FOR

N

ETWORK

A

CCESS

MAC address authentication is configured on a per-port basis, however

there are two configurable parameters that apply globally to all ports on

the switch. Use the Security > Network Access (Configure Global) page to

configure MAC address authentication aging and reauthentication time.

CLI R

EFERENCES

"Network Access (MAC Address Authentication)" on page 927

P

ARAMETERS

These parameters are displayed:

Aging Status – Enables aging for authenticated MAC addresses stored

in the secure MAC address table. (Default: Disabled)
This parameter applies to authenticated MAC addresses configured by

the MAC Address Authentication process described in this section, as

well as to any secure MAC addresses authenticated by 802.1X,

See also other documents in the category LevelOne Routers: