7-4
Configuring RADIUS Server Support for Switch Services
RADIUS Server Configuration for CoS (802.1p Priority) and Rate-Limiting
To configure support for the services listed in table 7-2 on a specific RADIUS
server application, refer to the documentation provided with the RADIUS
application.
Ingress (Inbound)
Rate-Limiting Per-
User
Assigns a RADIUS-
configured bandwidth
limit to the inbound
packets received from
a specific client
authenticated on a
port.
Note: Beginning with
software release
K.14.01, this attribute
is assigned per-
authenticated-user
instead of per-port. To
assign a per-port
inbound rate limit, use
the rate-limit all in CLI
command instead of
this option.
Vendor-Specific Attribute used in the RADIUS server.
HP vendor-specific ID:11
VSA: 46
Setting: HP-Bandwidth-Max-Egress = < bandwidth-in-Kbps >
Note: RADIUS-assigned rate-limit bandwidths must be specified in
Kbps. (Bandwidth percentage settings are not supported.) Using a
VSA on a RADIUS server to specify a per-user rate-limit requires
the actual Kbps to which you want to limit ingress (inbound) traffic
volume. For example, to limit inbound traffic on a gigabit port to half
of the port’s bandwidth capacity requires a VSA setting of 500,000
Kbps.
Requires a port-access authentication method (802.1X, Web Auth,
or MAC Auth) configured on the client’s port on the switch.
The actual bandwidth available for ingress traffic from an
authenticated client can be affected by the total bandwidth available
on the client port. Refer to “Per-Port Bandwidth Override” on page
7-6.
Egress (Outbound)
Rate-Limiting Per-
Port
Assigns a RADIUS-
configured bandwidth
limit to the outbound
traffic sent to a switch
port.
Vendor-Specific Attribute used in the RADIUS server.
HP vendor-specific ID:11
VSA: 48 (string = HP)
Setting: HP-RATE-LIMIT = < bandwidth-in-Kbps >
Note: RADIUS-assigned rate-limit bandwidths must be specified in
Kbps. (Bandwidth percentage settings are not supported.) Using a
VSA on a RADIUS server to specify a per-port rate-limit requires
the actual Kbps to which you want to limit outbound traffic volume.
For example, to limit outbound traffic on a gigabit port to half of the
port’s bandwidth capacity requires a VSA setting of 500,000 Kbps.
In instances where multiple, authenticated clients are using this
feature on the same switch port, only one (per-port) rate limit will
be applied. In this case, the actual rate used is the rate assigned
by the RADIUS server to the most recently authenticated client.
This rate remains in effect as long as any authenticated client
remains connected on the port.
Requires a port-access authentication method (802.1X, Web Auth, or
MAC Auth) configured on the client’s port on the switch.
The actual bandwidth available for egress traffic from an authenti-
cated client can be affected by the total bandwidth available on the
client port. Refer to “Per-Port Bandwidth Override” on page 7-6.
Service Control Method and Operating Notes:
To Next Page
Loading...
Need help?
General
