Configuring RADIUS port speed VSA

The RADIUS Vendor Specific Attribute (VSA)—HP-Port-Speed—permits the configuration of automated port speed. The port comes up at the auto-negotiated speed during initial authentication, and then the VSA overrides this auto-negotiated speed and configures it to the port speed set in the VSA.

The authentication sequence is:

  1. The client establishes a link to the switch on a MAC-authentication port and sends packets, starting authentication.

  2. RADIUS returns an Access-Accept message for the client’s MAC address with the desired HP-Port-Speed VSA.

  3. The switch changes the port speed based on the value of the HP-Port-Speed VSA. This VSA is the first one to be processed.

  4. If the VSA port speed is different from the current port setting, the switch port resets and comes back up with the VSA speed setting.

  5. The client again established a link to the switch at the new VSA port speed and sends packets. This start authentication.

  6. RADIUS returns the Access-Accept message with HP-Port-Speed as before, but since the port is now at that desired speed, the switch now proceeds with the processing of the other VSAs.

  7. If the client is removed after the new port speed is set, but before the client re-establishes the link, the next client authenticates without using the HP-Port-Speed VSA, and the port speed is reset to the configured port speed (if any) or to the default port speed.

The VSA is comprised of:

  • VSA Attribute Name: HP-Port-Speed-VSA

  • VSA Type: String

  • VSA Type Number: 49