Administrator Guide
Guest VLAN id: NONE
Auth-Fail VLAN: Disable
Auth-Fail VLAN id: NONE
Auth-Fail Max-Attempts: NONE
Critical VLAN: Disable
Critical VLAN id: NONE
Mac-Auth-Bypass: Enable
Mac-Auth-Bypass Only: Disable
Static-MAB: Disable
Static-MAB Profile: NONE
Tx Period: 30 seconds
Quiet Period: 60 seconds
ReAuth Max: 2
Supplicant Timeout: 30 seconds
Server Timeout: 30 seconds
Re-Auth Interval: 3600 seconds
Max-EAP-Req: 2
Host Mode: SINGLE_HOST
Auth PAE State: Authenticated
Backend State: Idle
Dynamic CoS with 802.1X
Class of Service (CoS) is a method of trac management that groups similar types of trac so that they are serviced dierently. One way
of classifying trac is 802.1p, which uses the 3-bit Priority eld in the VLAN tag to mark frames (other classication methods include ToS,
ACL, and DSCP). Once trac is classied, you can use Quality of Service (QoS) trac management to control the level of service for a
class in terms of bandwidth and delivery time.
For incoming trac, the Dell Networking OS allows you to set a static priority value on a per-port basis or dynamically set a priority on a
per-port basis by leveraging 802.1X.
NOTE
: When a priority is statically congured using the dynamic dot1p command and dynamically congured using dynamic
CoS with 802.1X, the dynamic conguration takes precedence.
You can use dynamic CoS with 802.1X is when the trac from a server should be classied based on the application that it is running. A
static dot1p priority conguration applied from the switch is not sucient in this case, as the server application might change. You would
instead need to push the CoS conguration to the switches based on the application the server is running.
Dynamic CoS uses RADIUS attribute 59, called User-Priority-Table, to specify the priority value for incoming frames. Attribute 59 has an 8-
octet eld that maps the incoming dot1p values to new values; it is essentially a dot1p re-mapping table. The position of each octet
corresponds to a priority value: the rst octet maps to incoming priority 0, the second octet maps to incoming priority 1, etc. The value in
each octet represents the corresponding new priority.
To use dynamic CoS with 802.1X authentication, no conguration command is required. You must only congure the supplicant records on
the RADIUS server, including VLAN assignment and CoS priority re-mapping table. VLAN and priority values are automatically applied to
incoming packets. The RADIUS server nds the appropriate record based on the supplicant’s credentials and sends the priority re-mapping
table to the Dell Networking system by including Attribute 59 in the AUTH-ACCEPT packet.
The following conditions apply to the use of dynamic CoS with 802.1X authentication on the switch:
• In accordance with port-based QoS, incoming dot1p values can be mapped to only four priority values: 0, 2, 4, and 6. If the RADIUS
server returns any other dot1p value (1, 3, 5, or 7), the value is not used and frames are forwarded on egress queue 0 without changing
the incoming dot1p value. The example shows how dynamic CoS remaps (or does not remap) the dot1p priority in 802.1X-authenticated
trac and how the frames are forwarded:
Incoming Frame RADIUS-based Outgoing Frame Egress Queue
Tagged dot1p CoS Remap Table Tagged dot1p
-------------- --------------- -------------- ------------
0 7 0 0
1 5 1 0
2 4 4 2
3 6 6 3
112
802.1X