per user ACL's and QoS

rui.silva · ‎10-25-2006

I there !!1

I have a network that uses MS IAS for Radius auth in a wireless network. I'd like to setup 802.1x in all the switchs we have. The auth thing is simple (I hope). I've Found information on assigning user to a Vlan thru a radius response, but i'm trying to go beond that.

I'm trying to find if it's possible to use per user ACL's in 2950 Switches?

I've been searching, and I found DACL's, but all the nformation only points to PIX/ASA/Router products. Is it possible to use this in switches?? or theres something like his.

I Want to stop traffic in this switchs, so it doesn't clutter the network. And because a have several groups of users inside a master group, i.e.: I have TEachers and then inside that I have Mecanics Theachers, Computer ENG Teachers, ... You get the picture.. :)

Is it possible and where can I find Information. (IOS version no problem, I'll buy the version needed)

Regards,

Rui Silva

Instituto Polit?cnico de Leiria

Portugal

sbilgi · ‎10-31-2006

he following example shows that per-user QoS is being configured using the AAA policy name "policy_class_1_2":

class-map match-all class1

match access-group 101

class-map match-all class2

match qos-group 4

match access-group 101

policy-map policy_class_1_2

class class1

bandwidth 3000

queue-limit 30

class class2

bandwidth 2000

class class-default

bandwidth 500

peruser_qos_1 Password = "lab"

Service-Type = Framed,

Framed-Protocol = PPP,

Cisco:Cisco-avpair = "ip:sub-policy-In=ssspolicy"

!ssspolicy in the above line is the name of the policy.

peruser_qos_2 Password = "lab"

Service-Type = Framed,

Framed-Protocol = PPP,

Cisco:Cisco-avpair = "ip:sub-policy-Out=ssspolicy"