Service Manual
NOTE: When a priority is statically configured using the dynamic dot1p command and dynamically configured using
dynamic CoS with 802.1X, the dynamic configuration takes precedence.
You can use dynamic CoS with 802.1X is when the traffic from a server should be classified based on the application that it is
running. A static dot1p priority configuration applied from the switch is not sufficient in this case, as the server application might
change. You would instead need to push the CoS configuration to the switches based on the application the server is running.
Dynamic CoS uses RADIUS attribute 59, called User-Priority-Table, to specify the priority value for incoming frames. Attribute
59 has an 8-octet field that maps the incoming dot1p values to new values; it is essentially a dot1p re-mapping table. The
position of each octet corresponds to a priority value: the first octet maps to incoming priority 0, the second octet maps to
incoming priority 1, etc. The value in each octet represents the corresponding new priority.
To use dynamic CoS with 802.1X authentication, no configuration command is required. You must only configure the supplicant
records on the RADIUS server, including VLAN assignment and CoS priority re-mapping table. VLAN and priority values are
automatically applied to incoming packets. The RADIUS server finds the appropriate record based on the supplicant’s credentials
and sends the priority re-mapping table to the Dell EMC Networking system by including Attribute 59 in the AUTH-ACCEPT
packet.
The following conditions apply to the use of dynamic CoS with 802.1X authentication on the switch:
● In accordance with port-based QoS, incoming dot1p values can be mapped to only four priority values: 0, 2, 4, and 6. If the
RADIUS server returns any other dot1p value (1, 3, 5, or 7), the value is not used and frames are forwarded on egress queue
0 without changing the incoming dot1p value. The example shows how dynamic CoS remaps (or does not remap) the dot1p
priority in 802.1X-authenticated traffic and how the frames are forwarded:
Incoming Frame RADIUS-based Outgoing Frame Egress Queue
Tagged dot1p CoS Remap Table Tagged dot1p
-------------- --------------- -------------- ------------
0 7 0 0
1 5 1 0
2 4 4 2
3 6 6 3
4 3 4 0
5 1 5 0
6 2 2 0
7 4 4 2
● The priority of untagged packets is assigned according to the remapped value of priority 0 traffic in the RADIUS-based table.
For example, in the following remapping table, untagged packets are tagged with priority 2:
DellEMC#show dot1x cos-mapping interface TenGigabitethernet 2/3
802.1Xp CoS remap table on Te 2/3:
-----------------------------
Dot1p Remapped Dot1p
0 2
1 6
2 5
3 4
4 3
5 2
6 1
7 0
● After being re-tagged by dynamic CoS for 802.1X, packets are forwarded in the switch according to their new CoS priority.
● When a supplicant logs off from an 802.1X authentication session, the dynamic CoS table is deleted or reset. When an 802.1x
session is re-authenticated, the previously assigned CoS table is retained through the re-authentication process. If the re-
authentication fails, the CoS table is deleted. If the re-authentication is successful and the authentication server does not
include a CoS table in the AUTH-ACCEPT packet, the previously assigned CoS table MUST be deleted. If the re-
authentication is successful and the server sends a CoS table, the old CoS table is overwritten with the new one.
● If multi-supplicant authentication mode is enabled on a port, you can configure a CoS mapping table for specified MAC
addresses in the RADIUS server. Dell EMC Networking OS then maintains a per-MAC CoS table for each port, and marks the
priority of all traffic originating from a configured MAC address with the corresponding table value.
● To display the CoS priority-mapping table provided by the RADIUS server and applied to authenticated supplicants on an
802.1X-enabled port, enter the show dot1x cos-mapping interface command.
802.1X
103