KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5406R-8XGT/8SFP+ (No PSU) v2 zl2 Switch

181

182

183

184

185

186

187

188

189

190

traffic from non-critical users or to enforce service agreements such as those offered by Internet

Service Providers (ISPs) to provide only the bandwidth for which a customer has paid.

CAUTION: Rate-limiting is intended for use on edge ports in a network. HP does not recommend

it for use on links to other switches, routers, or servers within a network, or for use in the network

core. Doing so can interfere with applications the network requires to function properly.

NOTE: Rate-limiting also can be applied by a RADIUS server during an authentication client

session. (See theAccess Security Guide.)

The switches also support ICMP rate-limiting to mitigate the effects of certain ICMP-based attacks.

The mode using bits per second (bps) in releases before K.12.XX has been replaced by the kilobits

per second (kbps) mode. Switches that have configurations with bps values are automatically

converted when you update your software to the new version. However, you must manually update

to kbps values an older config file that uses bps values or it will not load successfully onto a switch

running later versions of the software (K.12.XX or greater.)

• The rate-limit icmp command specifies a rate limit on inbound ICMP traffic only (See

“ICMP Rate-Limiting” on page 13-9)

• Rate-limiting does not apply to trunked ports (including meshed ports.)

• Kbps rate-limiting is done in segments of 1% of the lowest corresponding media speed.

For example, if the media speed is 100 Kbps, the value would be 1 Mbps.

• A 1 to 100 Kbps rate-limit is implemented as a limit of 100 Kbps

• A limit of 100 to 199 Kbps is also implemented as a limit of 100 Kbps.

• A limit of 200 to 299 Kbps is implemented as a limit of 200 Kbps, and so on.

• Percentage limits are based on link speed.

For example, if a 100 Mbps port negotiates a link at 100 Mbps and the inbound rate-limit is

configured at 50%, the traffic flow through that port is limited to no more than 50 Mbps.

Similarly, if the same port negotiates a 10 Mbps link, it allows no more than 5 Mbps of

inbound traffic.

• Configuring a rate limit of 0 (zero) on a port blocks all traffic on that port. However, if this is

the desired behavior on the port, HP Switch recommends that you use the <port-list>

disable command instead of configuring a rate limit of 0.

• You can configure a rate limit from either the global configuration level or from the port context

level.

Example

Either of the following commands configures an inbound rate limit of 60% on ports A3 to A5:

HP Switch (config #) int a3-a5 rate-limit all in percent 60

HP Switch (eth-A3-A5)# rate-limit all in percent 60

Operating notes for rate-limiting

• Rate-limiting operates on a per-port basis, regardless of traffic priority. Rate-limiting is available

on all types of ports (other than trunked ports) and at all port speeds configurable for these

switches.

• Rate-limiting is not allowed on trunked ports. Rate-limiting is not supported on ports configured

in a trunk group (including mesh ports.) Configuring a port for rate-limiting and then adding

184 Port Traffic Controls