Administrator Guide

Table Of Contents
You can use dynamic CoS with 802.1X is when the traffic from a server should be classified based on the application that it is running. A
static dot1p priority configuration applied from the switch is not sufficient in this case, as the server application might change. You would
instead need to push the CoS configuration to the switches based on the application the server is running.
Dynamic CoS uses RADIUS attribute 59, called User-Priority-Table, to specify the priority value for incoming frames. Attribute 59 has an
8-octet field that maps the incoming dot1p values to new values; it is essentially a dot1p re-mapping table. The position of each octet
corresponds to a priority value: the first octet maps to incoming priority 0, the second octet maps to incoming priority 1, etc. The value in
each octet represents the corresponding new priority.
To use dynamic CoS with 802.1X authentication, no configuration command is required. You must only configure the supplicant records on
the RADIUS server, including VLAN assignment and CoS priority re-mapping table. VLAN and priority values are automatically applied to
incoming packets. The RADIUS server finds the appropriate record based on the supplicant’s credentials and sends the priority re-mapping
table to the Dell EMC Networking system by including Attribute 59 in the AUTH-ACCEPT packet.
The following conditions apply to the use of dynamic CoS with 802.1X authentication on the switch:
In accordance with port-based QoS, incoming dot1p values can be mapped to only four priority values: 0, 2, 4, and 6. If the RADIUS
server returns any other dot1p value (1, 3, 5, or 7), the value is not used and frames are forwarded on egress queue 0 without
changing the incoming dot1p value. The example shows how dynamic CoS remaps (or does not remap) the dot1p priority in 802.1X-
authenticated traffic and how the frames are forwarded:
Incoming Frame RADIUS-based Outgoing Frame Egress Queue
Tagged dot1p CoS Remap Table Tagged dot1p
-------------- --------------- -------------- ------------
0 7 0 0
1 5 1 0
2 4 4 2
3 6 6 3
4 3 4 0
5 1 5 0
6 2 2 0
7 4 4 2
The priority of untagged packets is assigned according to the remapped value of priority 0 traffic in the RADIUS-based table. For
example, in the following remapping table, untagged packets are tagged with priority 2:
DellEMC#show dot1x cos-mapping interface TenGigabitethernet 2/3
802.1Xp CoS remap table on Te 2/3:
-----------------------------
Dot1p Remapped Dot1p
0 2
1 6
2 5
3 4
4 3
5 2
6 1
7 0
After being re-tagged by dynamic CoS for 802.1X, packets are forwarded in the switch according to their new CoS priority.
When a supplicant logs off from an 802.1X authentication session, the dynamic CoS table is deleted or reset. When an 802.1x session is
re-authenticated, the previously assigned CoS table is retained through the re-authentication process. If the re-authentication fails,
the CoS table is deleted. If the re-authentication is successful and the authentication server does not include a CoS table in the AUTH-
ACCEPT packet, the previously assigned CoS table MUST be deleted. If the re-authentication is successful and the server sends a
CoS table, the old CoS table is overwritten with the new one.
If multi-supplicant authentication mode is enabled on a port, you can configure a CoS mapping table for specified MAC addresses in
the RADIUS server. Dell EMC Networking OS then maintains a per-MAC CoS table for each port, and marks the priority of all traffic
originating from a configured MAC address with the corresponding table value.
To display the CoS priority-mapping table provided by the RADIUS server and applied to authenticated supplicants on an 802.1X-
enabled port, enter the show dot1x cos-mapping interface command.
100
802.1X