Egress (outbound) traffic

The most recent RADIUS-assigned egress rate-limit specifies the maximum egress rate-limit for a port, even if the CLI has also been used to configure an egress rate limit on the port.

Rate-limit assignment method

Rate-limit actions and restrictions


CLI ingress rate-limit per-port rate-limit all in

Determines the maximum ingress bandwidth available on the port, regardless of any RADIUS-assigned per-client rate-limits dynamically assigned to the same port.

RADIUS ingress rate-limit per-client VSA 46

Each client is allowed the inbound bandwidth individually assigned to it by the RADIUS server, up to the port's physical capacity, unless the available bandwidth on the port has been reduced by a CLI-assigned per-port bandwidth limit.


CLI egress rate-limit per-port rate-limit all out

Determines the maximum egress bandwidth available on the port, unless there is also a RADIUS-assigned per-port rate limit on the port.

RADIUS egress rate-limit per client VSA 48

The most recent client to authenticate determines the maximum egress bandwidth on the port for all outbound traffic, regardless of any CLI-assigned per-port outbound rate-limit.

For example, suppose the CLI is used to configure a gigabit port to have an ingress rate limit of 500,000 Kbps (50% of available bandwidth), and is receiving 450,000 Kbps of traffic from existing clients. If a RADIUS server then authenticates a new client with an ingress rate-limit of 100,000 Kbps, the maximum ingress rate limit actually available for the new client is 50,000 Kbps as long as the bandwidth usage by the other clients already on the port remains at 450,000 Kbps.

For more on static rate-limiting, see "Rate-Limiting" in the "Port Traffic Controls" in the management and configuration guide for your switch.