QoS Profile Configuration 375
The user (with user name someone and authentication password hello) is accessed
from the Ethernet1/0/1 port into the Switch. The user is assigned into the
3com163.net domain. The QoS profile example references the ACL with bandwidth
limited to 128 kbps and new DSCP preference value 46.
Network Diagram
Figure97 Network Diagram for QoS Configuration
Configuration Procedure
1Configuration on the AAA server
Configure on the AAA server the mapping between QoS profiles and user
names/authentication information. The configuration details are omitted here.
2Configuration on the Switch
aEnable 802.1x
[SW5500]dot1x
[SW5500]dot1x interface ethernet 1/0/1
bConfigure IP address for the RADIUS server
[SW5500]radius scheme radius1
[SW5500-radius-radius1]primary authentication 10.11.1.1
[SW5500-radius-radius1]primary accounting 10.11.1.2
[SW5500-radius-radius1]secondary authentication 10.11.1.2
[SW5500-radius-radius1]secondary accounting 10.11.1.1
cConfigure authentication password on the RADIUS server for the Switch
[SW5500-radius-radius1]key authentication name
[SW5500-radius-radius1]key accounting money
dConfigure the Switch to remove the user domain name from the user name and
then to transfer it to the RADIUS server
[SW5500-radius-radius1]user-name-format without-domain
[SW5500-radius-radius1]quit
eCreate the user domain 3com163.net and specify radius1 as the RADIUS server
group for the user.
[SW5500]domain 3com163.net
[SW5500-isp-3com163.net]radius-scheme radius1
[SW5500-isp-3com163.net]quit
fDefine the ACL
[SW5500]acl number 3000
[SW5500-acl-adv-3000]rule 1 permit ip destination any
[SW5500-acl-adv-3000]quit
Network
AAA Server
Switch
User
Network