Viewing the currently active per-port CoS and rate-limiting configuration

While a RADIUS-assigned client session is active on a given port, any RADIUS-imposed values for the settings listed in the following table are applied as shown:

Application of RADIUS-assigned values

Dynamic RADIUS assignment options

Static per-port setting options

Application of dynamic RADIUS assignment

802.1p Priority (CoS)

qos priority <0-7>

Applies per-client; that is, only to client whose authentication triggered the assignment. (Up to 32 clients supported per-port.)

Inbound (Ingress) Rate-Limiting

rate-limit <all|bcast|icmp|mcast> in <kbps|percent>  

Outbound (Egress) Rate-Limiting

rate-limit <all|bcast|icmp|mcast> out <kbps|percent>

Applies per-port; that is, to all clients on the port.

Syntax:


show port-access

web-based clients [port-list] detail

mac-based clients [port-list] detail

authenticator clients [port-list] detail

If the switch receives an 802.1p priority (CoS) and/or rate-limit setting(s) from a RADIUS server as the result of a client authentication on a port, the above commands display the assigned values while the client's session is active. When the session ends, the values for that client are no longer displayed.

The priority and inbound (ingress) rate-limit are applied only to the inbound traffic of the client whose authentication triggered the assignment. The outbound (egress) rate-limit applies to all outbound traffic on the port.


web-based clients [port-list] detail

Displays, for a Web authenticated client (web-based authentication), the status of RADIUS-assignment details for that client. See Show commands for web-based authentication.


mac-based clients [port-list] detail

Displays, for a MAC authenticated client (MAC-Auth), the status of RADIUS-assignment details for that client.


authenticator clients [port-list] detail

Displays, for an 802.1X- authenticated client, the status of RADIUS-assignment details for that client.

Example:

Suppose port 4 has been statically configured from the CLI with the following:
  • 802.1p priority: 7

  • Inbound rate-limit: 50 percent

  • Outbound rate-limit: 50 percent

The above, statically configured, per-port priority and inbound rate-limit settings will not apply to any clients who authenticate and receive different inbound priority and rate-limit settings from the RADIUS server. If the RADIUS server also assigns an outbound rate-limit setting, which is applied per-port instead of per-client, then the outbound traffic from the port to all connected clients will be rate-limited according to the value set by the server for the most recently authenticated client. Thus, if client "X" authenticates with web-based authentication on port 4 with a RADIUS server that assigns a priority of 3, an inbound rate-limit of 10,000 kbps, and an outbound rate-limit of 50,000 kbps, then:
  • The inbound traffic from client "X" will be subject to a priority of 3 and inbound rate-limit of 10,000 kbps. Traffic from other clients using the port will not be affected by these values.

  • The combined rate-limit outbound for all clients using the port will be 50,000 kbps until either all client sessions end, or another client authenticates and receives a different outbound rate-limit.

NOTE:

Mixing CLI-configured and RADIUS-assigned rate-limiting on the same port can produce unexpected results. See Per-port bandwidth override.

Where multiple clients are currently authenticated on a given port where outbound (egress) rate-limiting values have been assigned by a RADIUS server, the port operates with the outbound rate-limit assigned by RADIUS for the most recently authenticated client. Any earlier outbound rate-limit values assigned on the same port for other authenticated client sessions that are still active are superseded by the most recent RADIUS-assigned value. For example, if client "X" is authenticated with an outbound rate-limit of 750 kbps, and client "Y" later becomes authenticated with an outbound rate-limit of 500 kbps while the session for client "X" is still active, then the port operates with an outbound rate-limit of 500 kbps for both clients.

Assignment method on port 10

802.1p

Inbound rate-limit

Outbound rate-limit

Statically Configured Values

7

100,000 kbps

100,000 kbps1

RADIUS-assigned when client "X" authenticates

3

10,000 kbps

50,000 kbps1

1

Combined rate-limit output for all clients active on the port.

Results of client authentication on port 4