https://community.extremenetworks.com/t5/faqs/securestack-rate-limiting-not-functioning-as-expected-for/m-p/46858#M422 Article ID: 7177 <BR /> <BR /> <B>Products</B><BR /> Matrix C2<BR /> SecureStack C2<BR /> Firmware 3.03.38 and lower<BR /> SecureStack B2<BR /> Firmware 3.00.18 and lower<BR /> NetSight Policy Manager<BR /> Version 2.0.1 and lower <BR /> <BR /> <B>Protocols/Features</B><BR /> Rate limiting<BR /> 802.1Q<BR /> Policy<BR /> UPN <BR /> <BR /> <B>Symptoms</B><BR /> Rate limiting not functioning for untagged traffic<BR /> 'set port ratelimit' <BR /> <BR /> <B>Cause</B><BR /> 802.1Q-VLAN-tagged traffic can be rate limited according to its priority association based on policy. <BR /> <BR /> Untagged traffic, on the other hand, can<I>not</I> be rate limited according to its priority association based on policy or ingress port priority. This is because priority based (port) rate limiters are applied by hardware prior to packet classification. The impact of this is that all non-priority tagged traffic will have the limiter associated with the default queue (queue 0) applied. This is true even if the packet is later classified to a new priority level. If, however, a rate limit is created for priority 0, all priority (0-7) untagged traffic will be rate limited. <BR /> <BR /> <B>Solution</B><BR /> Upgrade to Policy Manager 2.1 or higher, and use Role Based Rate Limiting. <BR /> <BR /> Role Based Rate Limiting provides a very granular rate limiting solution. Unlike our traditional Priority Based Rate Limiting, role based enables rate limits to be assigned at the role and rule level rather than assigning rate limits to 802.1p priority queues. <BR /> <BR /> <A href="https://extranet.enterasys.com/downloads/Pages/NMS.aspx" target="_blank" rel="nofollow noreferrer noopener">Release notes</A> state:<BR /> Policy Manager now supports inbound role-based rate limiting on SecureStack C2/B2 Devices.<BR /> <BR /> This also requires the use of C2 firmware 4.00.24 or higher, and/or B2 firmware 3.01.16 or higher. Wed, 27 Nov 2013 02:10:00 GMT FAQ_User 2013-11-27T02:10:00Z https://community.extremenetworks.com/t5/faqs/securestack-rate-limiting-not-functioning-as-expected-for/m-p/46858#M422 Article ID: 7177 <BR /> <BR /> <B>Products</B><BR /> Matrix C2<BR /> SecureStack C2<BR /> Firmware 3.03.38 and lower<BR /> SecureStack B2<BR /> Firmware 3.00.18 and lower<BR /> NetSight Policy Manager<BR /> Version 2.0.1 and lower <BR /> <BR /> <B>Protocols/Features</B><BR /> Rate limiting<BR /> 802.1Q<BR /> Policy<BR /> UPN <BR /> <BR /> <B>Symptoms</B><BR /> Rate limiting not functioning for untagged traffic<BR /> 'set port ratelimit' <BR /> <BR /> <B>Cause</B><BR /> 802.1Q-VLAN-tagged traffic can be rate limited according to its priority association based on policy. <BR /> <BR /> Untagged traffic, on the other hand, can<I>not</I> be rate limited according to its priority association based on policy or ingress port priority. This is because priority based (port) rate limiters are applied by hardware prior to packet classification. The impact of this is that all non-priority tagged traffic will have the limiter associated with the default queue (queue 0) applied. This is true even if the packet is later classified to a new priority level. If, however, a rate limit is created for priority 0, all priority (0-7) untagged traffic will be rate limited. <BR /> <BR /> <B>Solution</B><BR /> Upgrade to Policy Manager 2.1 or higher, and use Role Based Rate Limiting. <BR /> <BR /> Role Based Rate Limiting provides a very granular rate limiting solution. Unlike our traditional Priority Based Rate Limiting, role based enables rate limits to be assigned at the role and rule level rather than assigning rate limits to 802.1p priority queues. <BR /> <BR /> <A href="https://extranet.enterasys.com/downloads/Pages/NMS.aspx" target="_blank" rel="nofollow noreferrer noopener">Release notes</A> state:<BR /> Policy Manager now supports inbound role-based rate limiting on SecureStack C2/B2 Devices.<BR /> <BR /> This also requires the use of C2 firmware 4.00.24 or higher, and/or B2 firmware 3.01.16 or higher. Wed, 27 Nov 2013 02:10:00 GMT https://community.extremenetworks.com/t5/faqs/securestack-rate-limiting-not-functioning-as-expected-for/m-p/46858#M422 FAQ_User 2013-11-27T02:10:00Z