While a RADIUS-assigned client session is active on a given port, any RADIUS-imposed values for the settings listed in Application of RADIUS-assigned values are applied as shown:
Application of RADIUS-assigned values
Dynamic RADIUS assignment options | Static per-port setting options | Application of dynamic RADIUS assignment |
---|---|---|
802.1p Priority (CoS) | qos priority <0-7> |
Applies per-client; that is, only to client whose authentication triggered the assignment. (Up to 32 clients supported per-port.) |
Inbound (Ingress) Rate-Limiting |
|
|
Outbound (Egress) Rate-Limiting |
|
Applies per-port; that is, to all clients on the port.[a] |
[a] Uses the value assigned to the port by the most recent instance of client authentication. |
Syntax:
If the switch receives an 802.1p priority (CoS) and/or rate-limit setting(s) from a RADIUS server as the result of a client authentication on a port, the above commands display the assigned values while the client's session is active. When the session ends, the values for that client are no longer displayed.
The priority and inbound (ingress) rate-limit are applied only to the inbound traffic of the client whose authentication triggered the assignment. The outbound (egress) rate-limit applies to all outbound traffic on the port.
Displays, for a Web authenticated client (web-based authentication), the status of RADIUS-assignment details for that client. See Show commands for web-based authentication.
Displays, for a MAC authenticated client (MAC-Auth), the status of RADIUS-assignment details for that client.
Displays, for an 802.1X- authenticated client, the status of RADIUS-assignment details for that client.
Example:
Suppose port 4 has been statically configured from the CLI with the following:
802.1p priority: 7
Inbound rate-limit: 50 percent
Outbound rate-limit: 50 percent
The above, statically configured, per-port priority and inbound rate-limit settings will not apply to any clients who authenticate and receive different inbound priority and rate-limit settings from the RADIUS server. If the RADIUS server also assigns an outbound rate-limit setting, which is applied per-port instead of per-client, then the outbound traffic from the port to all connected clients will be rate-limited according to the value set by the server for the most recently authenticated client. Thus, if client "X" authenticates with web-based authentication on port 4 with a RADIUS server that assigns a priority of 3, an inbound rate-limit of 10,000 kbps, and an outbound rate-limit of 50,000 kbps, then:
The inbound traffic from client "X" will be subject to a priority of 3 and inbound rate-limit of 10,000 kbps. Traffic from other clients using the port will not be affected by these values.
The combined rate-limit outbound for all clients using the port will be 50,000 kbps until either all client sessions end, or another client authenticates and receives a different outbound rate-limit.
NOTE: Mixing CLI-configured and RADIUS-assigned rate-limiting on the same port can produce unexpected results. See Per-port bandwidth override.
Where multiple clients are currently authenticated on a given port where outbound (egress) rate-limiting values have been assigned by a RADIUS server, the port operates with the outbound rate-limit assigned by RADIUS for the most recently authenticated client. Any earlier outbound rate-limit values assigned on the same port for other authenticated client sessions that are still active are superseded by the most recent RADIUS-assigned value. For example, if client "X" is authenticated with an outbound rate-limit of 750 kbps, and client "Y" later becomes authenticated with an outbound rate-limit of 500 kbps while the session for client "X" is still active, then the port operates with an outbound rate-limit of 500 kbps for both clients.