Rate-limiting
CAUTION:
Rate-limiting is intended for use on edge ports in a network. It is not recommended for
use on links to other switches, routers, or servers within a network, or for use in the network core.
Doing so can interfere with applications the network requires to function properly.
All traffic rate-limiting
Rate-limiting for all traffic operates on a per-port basis to allow only the specified bandwidth to be used for
inbound or outbound traffic. When traffic exceeds the configured limit, it is dropped. This effectively sets a usage
level on a given port and is a tool for enforcing maximum service level commitments granted to network users.
This feature operates on a per-port level and is not configurable on port trunks. Rate-limiting is designed to be
applied at the network edge to limit traffic from non-critical users or to enforce service agreements such as those
offered by Internet Service Providers (ISPs) to provide only the bandwidth for which a customer has paid.
NOTE:
Rate-limiting also can be applied by a RADIUS server during an authentication client session.
Applying rate-limiting to desirable traffic is not recommended. For further details, see "RADIUS
Authentication and Accounting" in the access security guide for your switch.
The switches also support ICMP rate-limiting to mitigate the effects of certain ICMP-based attacks.
ICMP traffic is necessary for network routing functions. For this reason, blocking all ICMP traffic is not
recommended.
Configuring in/out rate-limiting
Syntax:
[no] int <port-list> rate-limit all <in|out> <percent <0-100>|kbps <0-100000000>>
Configures a traffic rate limit (on non-trunked ports) on the link. The no form of the command disables
rate-limiting on the specified ports.
The rate-limit all command controls the rate of traffic sent or received on a port by setting a limit on the
bandwidth available. It includes options for:
• Rate-limiting on inbound or outbound traffic.
• Specifying the traffic rate as either a percentage of bandwidth, or in terms of bits per second.
(Default: Disabled.)
in or out
Specifies a traffic rate limit on inbound traffic passing through that port or on outbound traffic.
percent or kbps
Specifies the rate limit as a percentage of total available bandwidth, or in kilobits per second.
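An added example, not taken from the switch documentation: a Python check that audits rate-limit all command lines against the ranges in the syntax above and flags limits placed on ports the CAUTION says to leave alone. The numeric port-list format, the acceptance of both int and interface, the sample commands and the uplink port numbers are assumptions.

```python
import re

# Matches the command form given in the Syntax line above.
CMD = re.compile(
    r"^(?P<no>no\s+)?int(?:erface)?\s+(?P<ports>\S+)\s+rate-limit\s+all\s+"
    r"(?P<dir>in|out)(?:\s+(?P<unit>percent|kbps)\s+(?P<val>\d+))?$"
)
LIMITS = {"percent": 100, "kbps": 100_000_000}  # upper bounds from the syntax

def expand_ports(port_list):
    """Expand a list such as '1-3,7' (assumed numeric port naming)."""
    ports = set()
    for part in port_list.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(lines, non_edge_ports):
    """Return (line, problem) pairs for rate-limit commands that break the
    documented ranges or touch ports the CAUTION says to leave alone."""
    findings = []
    for line in lines:
        m = CMD.match(line.strip())
        if not m:
            if "rate-limit all" in line:
                findings.append((line, "does not match documented syntax"))
            continue
        if m["no"]:
            continue  # the no form only disables rate-limiting
        if m["unit"] is None:
            findings.append((line, "missing percent/kbps value"))
            continue
        if int(m["val"]) > LIMITS[m["unit"]]:
            findings.append((line, f"{m['unit']} value out of range"))
        hit = expand_ports(m["ports"]) & set(non_edge_ports)
        if hit:
            findings.append((line, f"limit on non-edge port(s) {sorted(hit)}"))
    return findings

# Constructed sample commands; ports 25 and 26 are assumed to be uplinks.
SAMPLE = [
    "int 1-4 rate-limit all in percent 30",
    "int 5 rate-limit all out kbps 200000000",
    "int 24-25 rate-limit all in kbps 50000",
    "no int 26 rate-limit all in",
]

if __name__ == "__main__":
    for line, problem in audit(SAMPLE, non_edge_ports={25, 26}):
        print(f"{line!r}: {problem}")
```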
Chapter 6
Port Traffic Controls