Ingress (inbound) traffic

RADIUS-assigned ingress rate limits are applied to individual clients instead of to the client port. But if you use the CLI to configure a per-port ingress rate limit on the same port where an authenticated client receives a RADIUS-assigned ingress rate limit, the client assigned ingress limit can be reduced by the CLI-configured port ingress limit. This occurs if the port reaches its CLI-configured rate limit maximum before the client reaches its RADIUS-assigned rate limit maximum, thus denying the client its intended maximum.