Concept Guide

sends a CoA-Nak with an error-cause value of 506 (resource unavailable) if it is not able to disable the 802.1x enabled port.
discards the packet if simultaneous requests are received for the same NAS Port.
Important points to remember
Virtual link trunking (VLT) scenario
This section describes how the secondary NAS processes the PE port authorization RADIUS requests to the primary NAS.
The NAS VLT chassis member processes the RADIUS dynamic authorization message locally if the role of the chassis is primary.
The NAS secondary VLT chassis member forwards the RADIUS dynamic authorization message authorizing dual-homed Port Extender
(PE) ports to the primary VLT peer. The NAS secondary VLT chassis member forwards the response to the DAC after receiving it from the
primary VLT peer.
The NAS VLT secondary chassis member processes the RADIUS dynamic authorization message authorizing non-PE Control Bridge
(CB) ports locally.
RPM failover scenario
This section describes how the NAS handles virtual IP failovers to the secondary RPM.
The NAS Route Processor Module (RPM) processes the RADIUS dynamic authorization message only if the role of the RPM is active.
The NAS standby RPM processes the retransmitted CoA or DM messages without requiring a chassis reboot if the primary RPM fails and
the standby becomes primary.
Stack failover scenario
This section describes the stack failover scenario.
The NAS stacking module processes the RADIUS dynamic authorization messages only if the role of the module is master.
The NAS standby stacking module processes the retransmitted CoA or DM messages without requiring a chassis reboot if the master
module fails and the standby module becomes the master.
Conguring replay protection
NAS enables you to congure the replay protection window period.
NAS drops the packets if duplicate packets are received within replay protection window period. The default value is 5 minutes.
Enter the following command to congure replay protection:
replay-prot-window minutes
NAS applies the new replay protection window value from the next window period. The range is from 1 to 10 minutes. The default is 5
minutes.
Dell(conf-dynamic-auth#)replay-prot-window 10
Rate-limiting RADIUS packets
NAS enables you to allow or reject RADIUS dynamic authorization packets based on the rate-limiting value that you specify.
NAS lets you configure the number of RADIUS dynamic authorization packets allowed per minute. The default value is 30 packets per
minute. NAS discards the packets if the number of RADIUS dynamic authorization packets in the current interval crosses the configured
rate-limit value.
Enter the following command to configure rate-limiting:
rate-limit number
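An added example (not from the original guide, and not the NAS implementation): a Python model of the replay-protection and rate-limit checks described above, including the rule that a new window value applies only from the next window period. It assumes fixed window periods and that a duplicate is a packet with the same source address and raw bytes; the class, method and function names are hypothetical.

```python
import hashlib

class DynAuthFilter:
    """Model only: fixed window periods, duplicates keyed on source + raw bytes (assumed)."""

    def __init__(self, replay_window_min=5, rate_limit=30):  # defaults from the guide
        self.window = replay_window_min * 60  # active replay window, seconds
        self.pending_window = None            # new value waits for next window period
        self.rate_limit = rate_limit          # packets allowed per minute
        self.window_start = self.minute_start = 0.0
        self.seen = set()                     # fingerprints seen in current window
        self.count = 0                        # packets counted in current minute

    def set_replay_window(self, minutes):
        if not 1 <= minutes <= 10:
            raise ValueError("replay-prot-window range is 1 to 10 minutes")
        self.pending_window = minutes * 60

    def _roll(self, now):
        if now - self.window_start >= self.window:   # window period ended
            self.window_start = now
            self.seen.clear()
            if self.pending_window is not None:       # apply new value only now
                self.window, self.pending_window = self.pending_window, None
        if now - self.minute_start >= 60:            # rate-limit interval ended
            self.minute_start, self.count = now, 0

    def accept(self, src_ip, raw_packet, now):
        self._roll(now)
        self.count += 1
        if self.count > self.rate_limit:             # count crossed the limit
            return "drop:rate-limit"
        fp = hashlib.sha256(src_ip.encode() + b"|" + raw_packet).hexdigest()
        if fp in self.seen:                          # duplicate inside the window
            return "drop:replay"
        self.seen.add(fp)
        return "accept"

def demo():
    # Constructed CoA-Request header: code 43, id 1, length 20, zeroed authenticator.
    pkt = bytes([43, 1, 0, 20]) + bytes(16)
    f = DynAuthFilter()
    first = f.accept("192.0.2.10", pkt, now=0)
    f.set_replay_window(10)                          # queued, not yet active
    return [first, f.accept("192.0.2.10", pkt, now=299),
            f.accept("192.0.2.10", pkt, now=300), f.accept("192.0.2.10", pkt, now=899)]

if __name__ == "__main__":
    print(demo())
```

In this model a duplicate that arrives just after a window period ends is accepted, which is why a longer window narrows the opportunity for a captured CoA or DM packet to be replayed.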
Security