Arbitrating client-specific attributes

In previous releases, client-specific authentication parameters for 802.1X Web, and MAC authentication are assigned to a port using different criteria. A RADIUS-assigned parameter is always given highest priority and overrides statically configured local passwords. 802.1X authentication parameters override Web or MAC authentication parameters.

DCA stores client-specific authentication parameters and prioritizes them according to the following hierarchy of precedence:

  1. RADIUS-assigned
    1. 802.1X authentication

    2. Web or MAC authentication

  2. Statically (local) configured

Client-specific configurations are applied on a per-parameter basis on a port. In a client-specific profile, if DCA detects that a parameter has configured values from two or more levels in the hierarchy of precedence described above, DCA decides which parameters to add or remove, or whether to fail the authentication attempt due to an inability to apply the parameters.

In addition, DCA supports conflict resolution for QoS (port-based CoS priority) and rate-limiting (ingress) by determining whether to configure either strict or nonstrict resolution on a switchwide basis.

For information on how to configure RADIUS-assigned and locally configured authentication settings, see: