KSZ8794CNX Datasheet, PDF (38/124 Pages) Microchip Technology – Integrated 4-Port 10/100 Managed Ethernet Switch with Gigabit RGMII/MII/RMII Interface
3.6.9.3 Transmit Queue Ratio Programming
In transmit queues 0-3 of the egress port, the default priority ratio is 8:4:2:1. The priority ratio can be programmed by
the Port Control 10, 11, 12, and 13 registers. When the transmit rate exceeds the ratio limit in the transmit queue, the
transmit rate will be limited by the transmit queue 0-3 ratio of the Port Control 10, 11, 12, and 13 registers. The highest
priority queue will not be limited. Other lower priority queues will be limited based on the transmit queue ratio.
3.6.10 VLAN AND ADDRESS FILTERING
To prevent certain kinds of packets from degrading the quality of the switch in applications such as voice over internet
protocol (VoIP), the switch provides a mechanism to filter and map packets with the following MAC addresses and
VLAN IDs:
• Self-address packets
• Unknown unicast packets
• Unknown multicast packets
• Unknown VID packets
• Unknown IP multicast packets
Packets sourced from the switch itself can be filtered out by enabling self-address filtering via the Global Control 18
Register Bit[6]. Self-address filtering filters packets on the egress port; the self MAC address is assigned in
Registers 104-109 (MAC Address Registers 0-5).
The unknown unicast packet filtering can be enabled by the Global Control Register 15 Bit[5] and Bits[4:0] specify the
port map for forwarding.
The unknown multicast packet filtering can be enabled by the Global Control Register 16 Bit[5] and forwarding port map
is specified in Bits[4:0].
The unknown VID packet filtering can be enabled by Global Control Register 17 Bit[5] with forwarding port map specified
in Bits[4:0].
The unknown IP multicast packet filtering can be enabled by Global Control Register 18 Bit[5] with forwarding port map
specified in Bits[4:0].
The filters above are applied globally.
3.6.11 802.1X PORT-BASED SECURITY
IEEE 802.1x is a port-based authentication protocol. EAPOL is the protocol normally used by the authentication process,
carried on the uncontrolled port. By receiving and extracting special EAPOL frames, the microprocessor (CPU) can control
whether the ingress and egress ports should forward packets or not. If a user port wants service from another port
(authenticator), it must be approved by the authenticator. The KSZ8794CNX detects EAPOL frames by checking the
destination address of the frame. The destination address should be either the multicast address defined in IEEE
802.1x (01-80-C2-00-00-03) or an address used in the programmable reserved multicast address domain with offset
-00-03. Once EAPOL frames are detected, the frames are forwarded to the CPU so it can send the frames to the
authenticator server. Eventually, the CPU determines whether the requestor is qualified or not based on its MAC_Source
addresses, and frames are either accepted or dropped.
When the KSZ8794CNX is configured as an authenticator, the ports of the switch must then be configured for
authorization. In an authenticator-initiated port authorization, a client is powered up or plugs into the port, and the
authenticator port sends an extensible authentication protocol (EAP) PDU to the supplicant requesting the identification
of the supplicant. At this point in the process, the port on the switch is connected from a physical standpoint; however,
the 802.1X process has not authorized the port and no frames are passed from the port on the supplicant into the
switching fabric. If the PC attached to the switch did not understand the EAP PDU that it was receiving from the switch,
it would not be able to send an ID and the port would remain unauthorized. In this state, the port would never pass any
user traffic and would be as good as disabled. If the client PC is running the 802.1X EAP, it would respond to the
request with its configured ID. This could be a user name/password combination or a certificate.
After the switch (the authenticator) receives the ID from the PC (the supplicant), the KSZ8794CNX passes the ID
information to an authentication server (RADIUS server) that can verify the identification information. The RADIUS
server responds to the switch with either a success or failure message. If the response is a success, the port will then
be authorized and user traffic will be allowed to pass through the port like any switch port connected to an access device.
If the response is a failure, the port will remain unauthorized and, therefore, unused. If there is no response from the
server, the port will also remain unauthorized and will not pass any traffic.
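The port gating described in this section, modelled in C as an added example (not Microchip code and not part of the datasheet): EAPOL always reaches the CPU, other traffic passes only on an authorized port, and only a RADIUS success authorizes. The type and function names are hypothetical, the sample frames are constructed, the CPU-side EtherType check is an assumption of good practice rather than something the datasheet specifies, and only the fixed 01-80-C2-00-00-03 address is matched, not the programmable reserved multicast range.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* 802.1X group address from the text: 01-80-C2-00-00-03 */
static const uint8_t EAPOL_DA[6] = {0x01, 0x80, 0xC2, 0x00, 0x00, 0x03};
#define ETH_HDR_LEN     14
#define ETHERTYPE_EAPOL 0x888E  /* EtherType assigned to EAPOL */

/* Hypothetical names for this sketch, not KSZ8794CNX driver symbols. */
typedef enum { PORT_UNAUTHORIZED, PORT_AUTHORIZED } port_state_t;
typedef enum { ACT_DROP, ACT_TO_CPU, ACT_FORWARD } action_t;
typedef enum { RADIUS_SUCCESS, RADIUS_FAILURE, RADIUS_NO_RESPONSE } radius_result_t;

/* Switch-side view: EAPOL is recognised by destination address alone. */
int da_is_eapol(const uint8_t *f, size_t len) {
    return len >= ETH_HDR_LEN && memcmp(f, EAPOL_DA, sizeof EAPOL_DA) == 0;
}

/* CPU-side check before parsing: the address match plus the EtherType. */
int cpu_accepts_eapol(const uint8_t *f, size_t len) {
    return da_is_eapol(f, len) &&
           (((uint16_t)f[12] << 8) | f[13]) == ETHERTYPE_EAPOL;
}

/* Fate of one ingress frame on a user port in the given state. */
action_t gate_frame(port_state_t st, const uint8_t *f, size_t len) {
    if (len < ETH_HDR_LEN) return ACT_DROP;      /* truncated header */
    if (da_is_eapol(f, len)) return ACT_TO_CPU;  /* uncontrolled path */
    return st == PORT_AUTHORIZED ? ACT_FORWARD : ACT_DROP;
}

/* Fail closed: only an explicit success authorizes the port. */
port_state_t apply_radius(radius_result_t r) {
    return r == RADIUS_SUCCESS ? PORT_AUTHORIZED : PORT_UNAUTHORIZED;
}

/* Constructed sample frames (Ethernet header only, payload omitted). */
const uint8_t SAMPLE_EAPOL[14] = {0x01,0x80,0xC2,0x00,0x00,0x03,
                                  0x02,0x00,0x00,0x00,0x00,0x01, 0x88,0x8E};
const uint8_t SAMPLE_IPV4[14] = {0x02,0x00,0x00,0x00,0x00,0x02,
                                 0x02,0x00,0x00,0x00,0x00,0x01, 0x08,0x00};
/* Sent to the EAPOL address but carrying a non-EAPOL EtherType. */
const uint8_t SAMPLE_WRONG_TYPE[14] = {0x01,0x80,0xC2,0x00,0x00,0x03,
                                       0x02,0x00,0x00,0x00,0x00,0x01, 0x08,0x00};
```

SAMPLE_WRONG_TYPE shows why the CPU should validate the EtherType itself: a frame matched on destination address alone still reaches the CPU from an unauthorized port.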
DS00002134A-page 38
© 2016 Microchip Technology Inc.