Access Security Guide K/KA/KB.15.15

Figure 148 Accounting in common mode (with same session ID throughout)

RADIUS-administered CoS and rate-limiting
The switches covered in this guide take advantage of vendor-specific attributes (VSAs) applied in
a RADIUS server to support these optional, RADIUS-assigned attributes:
• 802.1p (CoS) priority assignment to inbound traffic on the specified port(s) (port-access
  authentication only)
• Per-Port Rate-Limiting on a port with an active link to an authenticated client (port-access
  authentication only)
RADIUS-administered commands authorization
This feature enables RADIUS server control of an authenticated client’s access to CLI commands
on the switch. See “Commands authorization” (page 183).
SNMP access to the switch's authentication configuration MIB
Beginning with software release K.12.xx, the switch’s default configuration allows SNMP access
to the hpSwitchAuth MIB (Management Information Base). A management station running an SNMP
networked device management application such as HP PCM+ or HP OpenView can access the
switch’s MIB for read access to the switch’s status and read/write access to the switch’s
configuration. For more information, including the CLI command to use for disabling this feature,
see “Using SNMP to view and configure switch authentication features” (page 180).
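Because this access is on by default, a saved configuration that says nothing about the MIB still exposes it. The following added example (not from the guide) audits saved running-configs for that state. It assumes the setting is stored as the line `snmp-server mib hpswitchauthmib excluded|included` and that `;` starts a comment line; the sample configs and switch names are constructed.

```python
import re

# Assumed config syntax (the command is not shown on this page):
#   snmp-server mib hpswitchauthmib excluded|included
# No such line in the config means the default applies.
_MIB_LINE = re.compile(
    r"^\s*snmp-server\s+mib\s+hpswitchauthmib\s+(excluded|included)\s*$",
    re.IGNORECASE,
)

def auth_mib_state(config_text):
    """Return (state, explicit) for SNMP access to the hpSwitchAuth MIB."""
    state, explicit = "included", False  # default: SNMP access allowed
    for line in config_text.splitlines():
        if line.lstrip().startswith(";"):  # assumed comment marker
            continue
        m = _MIB_LINE.match(line)
        if m:
            state, explicit = m.group(1).lower(), True  # last setting wins
    return state, explicit

def audit(configs):
    """Map switch name -> finding for a dict of name -> config text."""
    findings = {}
    for name, text in sorted(configs.items()):
        state, explicit = auth_mib_state(text)
        if state == "excluded":
            findings[name] = "ok: hpSwitchAuth MIB excluded from SNMP"
        elif explicit:
            findings[name] = "review: hpSwitchAuth MIB explicitly included"
        else:
            findings[name] = "review: hpSwitchAuth MIB exposed by default"
    return findings

# Constructed sample configs, not taken from real devices.
SAMPLE_CONFIGS = {
    "core-1": 'hostname "core-1"\n'
              "snmp-server mib hpswitchauthmib excluded\n",
    "edge-7": 'hostname "edge-7"\n'
              'snmp-server community "public" unrestricted\n',
    "edge-9": "; snmp-server mib hpswitchauthmib excluded\n"
              'hostname "edge-9"\n'
              "snmp-server mib hpswitchauthmib included\n",
}

if __name__ == "__main__":
    for switch, finding in audit(SAMPLE_CONFIGS).items():
        print(f"{switch}: {finding}")
```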
About the dynamic removal of authentication limits
In some situations, it is desirable to configure RADIUS attributes for downstream supplicant devices
that allow dynamic removal of the 802.1X, MAC, and web-based authentication limits on the
associated port of the authenticator switch. This eliminates the need to manually reconfigure ports
associated with downstream 802.1X-capable devices, and MAC relay devices such as IP phones,
on the authenticator switches. When the RADIUS authentication ages out, the authentication limits
are dynamically restored. This enhancement allows a common port policy to be configured on all