HP 3500yl Series Access Security Manual page 324
Switch software
Hide thumbs
Also See for 3500yl Series:
- Release notes (219 pages) ,
- Specifications (16 pages) ,
- Features (6 pages)
Table of Contents
Advertisement
Configuring RADIUS Server Support for Switch Services
RADIUS Server Configuration for CoS (802.1p Priority) and Rate-Limiting
Per- Port
B a n d w i d t h
O v e r r i d e
7-6
HP recommends that rate-limiting be configured either solely through
RADIUS assignments or solely through static CLI configuration on the switch
unless the potential for the override described below is specifically desired.
Ingress (Inbound) Traffic. Beginning with software release K.14.01,
RADIUS-assigned ingress rate-limits are applied to individual clients instead
of to the client's port. But if you use the CLI to configure a per-port ingress
rate-limit on the same port where an authenticated client receives a RADIUS-
assigned ingress rate-limit, the client's assigned ingress limit can be reduced
by the CLI-configured port ingress limit. This occurs if the port reaches its CLI-
configured rate-limit maximum before the client reaches its RADIUS-assigned
rate-limit maximum, thus denying the client its intended maximum.
Egress (Outbound) Traffic. The most recent RADIUS-assigned egress
rate-limit specifies the maximum egress rate-limit for a port, even if the CLI
has also been used to configure an egress rate limit on the port.
Rate-Limit Assignment Method
CLI ingress rate-limit per-port
rate-limit all in
RADIUS ingress rate-limit per-
client
VSA 46
CLI egress rate-limit per-port
rate-limit all out
RADIUS egress rate-limit per
client
VSA 48
For example, suppose the CLI is used to configure a gigabit port to have an
ingress rate limit of 500,000 Kbps (50% of available bandwidth), and is
receiving 450,000 Kbps of traffic from existing clients. If a RADIUS server then
authenticates a new client with an ingress rate-limit of 100,000 Kbps, the
maximum ingress rate limit actually available for the new client is 50,000 Kbps
as long as the bandwidth usage by the other clients already on the port remains
at 450,000 Kbps.
For more on static rate-limiting, refer to "Rate-Limiting" in the "Port Traffic
Controls" chapter of the latest Management and Configuration Guide for
your switch.
Rate-Limit Actions and Restrictions
Determines the maximum ingress bandwidth
available on the port, regardless of any RADIUS-
assigned per-client rate-limits dynamically assigned
to the same port.
Each client is allowed the inbound bandwidth
individually assigned to it by the RADIUS server, up
to the port's physical capacity, unless the available
bandwidth on the port has been reduced by a CLI-
assigned per-port bandwidth limit.
Determines the maximum egress bandwidth
available on the port, unless there is also a RADIUS-
assigned per-port rate limit on the port.
The most recent client to authenticate determines
the maximum egress bandwidth on the port for all
outbound traffic, regardless of any CLI-assigned per-
port outbound rate-limit.
Hide quick links:
Advertisement
Chapters
Table of Contents
