05-05-2011 03:04 AM - edited 03-10-2019 06:03 PM
hi,
is there a way to assign a QoS service policy via Radius to a Catalyst 4500/3750 switchport?
in detail, we would like to assign this policy
    policy-map SET_EF
     class class-default
       set dscp ef
to an interface. All traffic should be marked with a defined DSCP value.
This works fine when doing it statically with
    interface FastEthernet2/1
     service-policy input SET_EF
but we would need to assign such a policy via Radius during the 802.1x authentication. Different users should get different policies. We use Cisco ACS 5.2 as Radius server and there actually is a field for that in the Authorization Profile Common Tasks configuration. In detail, this uses the cisco-av-pair "sub-policy-In=<policy name>" attribute to assign a service policy to a NAS.
we also found two other attributes, "sub-qos-policy-in" and "ip:sub-qos-policy-in", for that. CCO says that "ip:sub-qos-policy-in" works with Catalyst 65k (http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/qos.html#wp1926523)
unfortunately this seems not to work on Catalyst 45k and 37k.
In the ACS Logs we can see that these attributes are attached to the Radius Reply, but unfortunately they are ignored by the switch.
it is interesting that when entering "show aaa attributes" on the Catalyst 45k, these attributes are displayed - so to my understanding the switch should understand these attributes (?)
    4503-E#sh aaa attributes 
    
    AAA ATTRIBUTE LIST:
        Type=1     Name=disc-cause-ext                 Format=Enum
        Type=2     Name=Acct-Status-Type               Format=Enum
    <snip>
        Type=345   Name=sub-policy-In                  Format=String
        Type=346   Name=sub-qos-policy-in              Format=String
        Type=347   Name=sub-policy-Out                 Format=String
        Type=348   Name=sub-qos-policy-out             Format=String
any input is welcome :-))
best regards
05-05-2011 05:31 AM
in addition to this discussion, I've just opened a service request with TAC.
unfortunately the engineer told me that for now per-user QoS is definitely not supported on these two platforms, but it's listed on the roadmap and will possibly be available mid 2012...
05-09-2018 07:03 AM
Hi Mogli,
I would also like to provide a dynamic QoS feature via Radius. In my case I would like to trust the port or not depending on the authentication.
Did you get any feedback, or did you succeed in achieving this?
thanks