Article ID: 7177
Firmware 3.03.38 and lower
Firmware 3.00.18 and lower
NetSight Policy Manager
Version 2.0.1 and lower
Rate limiting not functioning for untagged traffic
'set port ratelimit'
802.1Q-VLAN-tagged traffic can be rate limited according to its priority association based on policy.
Untagged traffic, on the other hand, cannot
be rate limited according to its priority association based on policy or ingress port priority. This is because priority based (port) rate limiters are applied by hardware prior to packet classification. The impact of this is that all non-priority tagged traffic will have the limiter associated with the default queue (queue 0) applied. This is true even if the packet is later classified to a new priority level. If, however, a rate limit is created for priority 0, all priority (0-7) untagged traffic will be rate limited.
Upgrade to Policy Manager 2.1 or higher, and use Role Based Rate Limiting.
Role Based Rate Limiting provides a very granular rate limiting solution. Unlike our traditional Priority Based Rate Limiting, role based enables rate limits to be assigned at the role and rule level rather than assigning rate limits to 802.1p priority queues.
Policy Manager now supports inbound role-based rate limiting on SecureStack C2/B2 Devices.
This also requires the use of C2 firmware 4.00.24 or higher, and/or B2 firmware 3.01.16 or higher.