Table 4 CoS and rate-limiting services (continued)
Control method and operating notesService
For more on 802.1p priority levels, see "Overview" in the
"Quality of Service (QoS)" chapter of the latest HP Switch
Software Advanced Traffic Management Guide for your
switch.
VSA used in the RADIUS server.Ingress (inbound) rate-limiting per-user
HP vendor-specific ID:11Assigns a RADIUS-configured bandwidth limit to the
inbound packets received from a specific client
authenticated on a port.
VSA: 46
Setting: HP-Bandwidth-Max-Egress= <bandwidth-in-Kbps>
Note: This attribute is assigned per-authenticated-user, not
per-port. To assign a per-port inbound rate limit, use the
rate-limit all in CLI command.
Note: RADIUS-assigned rate-limit bandwidths must be
specified in Kbps. (Bandwidth percentage settings are not
supported.) Using a VSA on a RADIUS server to specify a
per-user rate-limit requires the actual Kbps to which you
want to limit ingress traffic volume. For example, to limit
inbound traffic on a gigabit port to half the port's
bandwidth requires a VSA setting of 500,000 Kbps.
Requires a port-access authentication method (802.1X,
Web Auth, or MAC Auth) configured on the client's switch
port.
The actual bandwidth available for ingress traffic from an
authenticated client can be affected by the total bandwidth
available on the client port. See (page 32).
VSA used in the RADIUS server.Egress (outbound) rate-limiting per-port
HP vendor-specific ID:11Assigns a RADIUS-configured bandwidth limit to the
outbound traffic sent to a switch port.
VSA: 48 (string=HP)
Setting: HP-RATE-LIMIT=< bandwidth-in-Kbps >
Note: RADIUS-assigned rate-limit bandwidths must be
specified in Kbps — bandwidth percentage settings are
not supported. Using a VSA on a RADIUS server to specify
a per-port rate-limit requires the actual Kbps to which you
want to limit outbound traffic volume. For example, to limit
outbound traffic on a gigabit port to half the port's
bandwidth requires a VSA setting of 500,000 Kbps.
Where multiple, authenticated clients use this feature on
the same switch port, only one (per-port) rate limit is
applied — the actual rate used is the rate assigned by the
RADIUS server to the most recently authenticated client.
This rate remains in effect as long as any authenticated
client remains connected on the port.
Requires a port-access authentication method (802.1X,
Web Auth, or MAC Auth) configured on the client's switch
port.
Actual bandwidth available for egress traffic from an
authenticated client can be affected by the total bandwidth
available on the client port. See “Per-port bandwidth
override” (page 32).
To configure support for the services listed in Table 4 (page 30) on a specific RADIUS server
application, see the documentation provided with the RADIUS application.
Applied rates for RADIUS-assigned rate limits
On the switches covered by this guide, rate limits are applied incrementally as determined by the
RADIUS-applied rate. For any given bandwidth assignment, the switch applies the nearest rate
increment that does not exceed the assigned value. Increments are in graduated steps, as shown
in Table 5 (page 32).
Configuring RADIUS server support for switch services 31
To Next Page
Loading...
Need help?
General
