Show active per-port CoS and rate-limiting configuration

Syntax


show port-access 
 web-based clients [port-list] detail

mac-based clients [port-list] detail

authenticator clients [port-list] detail

If the switch receives an 802.1p priority (CoS) and rate-limit settings from a RADIUS server as the result of a client authentication on a port, the above commands display the assigned values while the client's session is active. When the session ends, the values for that client are no longer displayed.

The priority and inbound (ingress) rate-limit are applied only to the inbound traffic of the client whose authentication triggered the assignment. The outbound (egress) rate-limit applies to all outbound traffic on the port.


web-based [port-list] clients detail

Displays, for a Web authenticated client (web-based authentication), the status of RADIUS-assignment details for that client. See Viewing status of ports enabled for web-based authentication.


mac-based [port-list] clients detail

Displays, for a MAC authenticated client (MAC-Auth), the status of RADIUS-assignment details for that client.


authenticator [port-list] clients detail

Displays, for an 802.1X- authenticated client, the status of RADIUS-assignment details for that client.

Example

Suppose port 4 has been statically configured from the CLI with the following:
  • 802.1p priority: 7

  • Inbound rate-limit: 50 percent

  • Outbound rate-limit: 50 percent

The above, statically configured, per-port priority and inbound rate-limit settings do not apply to any clients who authenticate and receive different inbound priority and rate-limit settings from the RADIUS server. If the RADIUS server also assigns an outbound rate-limit setting, which is applied per-port instead of per-client, then the outbound traffic from the port to all connected clients are rate-limited according to the value set by the server for the most recently authenticated client. Thus, if client "X" authenticates with web-based authentication on port 4 with a RADIUS server that assigns a priority of 3, an inbound rate-limit of 10,000 kbps, and an outbound rate-limit of 50,000 kbps, then:
  • The inbound traffic from client "X" is subject to a priority of 3 and inbound rate-limit of 10,000 kbps. Traffic from other clients using the port is not affected by these values.

  • The combined rate-limit outbound for all clients using the port is 50,000 kbps until either all client sessions end, or another client authenticates and receives a different outbound rate-limit.

NOTE:

Mixing CLI-configured and RADIUS-assigned rate-limiting on the same port can produce unexpected results. See Per-port bandwidth override.

Where multiple clients are currently authenticated on a given port where outbound (egress) rate-limiting values have been assigned by a RADIUS server, the port operates with the outbound rate-limit assigned by RADIUS for the most recently authenticated client. Any earlier outbound rate-limit values assigned on the same port for other authenticated client sessions that are still active are superseded by the most recent RADIUS-assigned value. For example, if client "X" is authenticated with an outbound rate-limit of 750 kbps, and client "Y" later becomes authenticated with an outbound rate-limit of 500 kbps while the session for client "X" is still active, then the port operates with an outbound rate-limit of 500 kbps for both clients.

While a RADIUS-assigned client session is active on a given port, any RADIUS-imposed values for the settings listed here are applied as shown:

Application of RADIUS-Assigned Values

Dynamic RADIUS assignment options

Static per-port setting options

Application of dynamic RADIUS assignment

802.1p Priority (CoS)


qos priority <0 - 7>

Applies per-client; that is, only to client whose authentication triggered the assignment. (Up to 32 clients supported per-port.)

Inbound (Ingress) Rate-Limiting


rate-limit {<all | bcast | icmp | mcast>} in {<kbps | percent>}
 

Outbound (Egress) Rate-Limiting


rate-limit {<all | bcast | icmp | mcast>} out {<kbps | percent>}

Applies per-port; that is, to all clients on the port.1

1

Uses the value assigned to the port by the most recent instance of client authentication.

Assignment method on port 10

802.1p

Inbound rate-limit

Outbound rate-limit

Statically Configured Values

7

100,000 kbs

100,000 kbs

RADIUS-assigned when client "X" authenticates

3

10,000 kbs

50,000 kbs

The Outbound rate-limit is the combined rate-limit output for all clients active on the port.

Results of client authentication on port 4