Filter
Top Products
802.1X | 131
FTOS Behavior: The following conditions are applied to the use of dynamic CoS with 802.1X
authentication on C-Series and S-Series platforms:
• In accordance with port-based QoS, incoming dot1p values can be mapped to only four priority values: 0, 2,
4, and 6. If the RADIUS server returns any other dot1p value (1, 3, 5, or 7), the value is not used and frames
are forwarded on egress queue 0 without changing the incoming dot1p value. The example shows how
dynamic CoS remaps (or does not remap) the dot1p priority in 802.1X-authenticated traffic and how the
frames are forwarded:
Incoming Frame RADIUS-based Outgoing Frame Egress Queue
Tagged dot1p CoS Remap Table Tagged dot1p
-------------- --------------- -------------- ------------
0 7 0 0
1 5 1 0
2 4 4 2
3 6 6 3
4 3 4 0
5 1 5 0
6 2 2 0
7 4 4 2
• The priority of untagged packets is assigned according to the remapped value of priority 0 traffic in the
RADIUS-based table. For example, in the following remapping table, untagged packets are tagged with
priority 2:
FTOS#show dot1x cos-mapping interface Gigabitethernet 2/32
802.1Xp CoS remap table on Gi 2/32:
-----------------------------
Dot1p Remapped Dot1p
0 2
1 6
2 5
3 4
4 3
5 2
6 1
7 0
• After being re-tagged by dynamic CoS for 802.1X, packets are forwarded in the switch according to their
new CoS priority.
• When a supplicant logs off from an 802.1X authentication session, the dynamic CoS table is deleted or reset.
When an 802.1x session is re-authenticated, the previously assigned CoS table is retained through
the re-authentication process. If the re-authentication fails, the CoS table is deleted. If the
re-authentication is successful and the authentication server does not include a CoS table in the
AUTH-ACCEPT packet, the previously assigned CoS table MUST be deleted. If the
re-authentication is successful and the server sends a CoS table, the old CoS table is overwritten
with the new one.
• If multi-supplicant authentication mode is enabled on a port, you can configure a CoS mapping table for
specified MAC addresses in the RADIUS server. FTOS will then maintain a per-MAC CoS table for each
port, and mark the priority of all traffic originating from a configured MAC address with the corresponding
table value.
• To display the CoS priority-mapping table provided by the RADIUS server and applied to authenticated
supplicants on an 802.1X-enabled port, enter the show dot1x cos-mapping interface
• command.