QoS Assignment and Rate Limiting for Quarantined VLANs
When devices are quarantined, they are isolated from the rest of the network. However, they can still impact the network if not controlled beyond isolation. A quarantined host, which offers heavy traffic, could congest the network and create a DOS-style reduction in service to authorized hosts.
Within the quarantined VLAN, two restrictions are available within the network:
- Traffic policing (also known as rate limiting)
- QoS (Quality of Service) assignment (also known as priority assignment)
Each quarantined host's traffic can be subject to rate limiting and priority adjustment. This reduces the impact that any quarantined host can have on authorized traffic on the network.
You can only configure this feature by using the CLI.
config switch-controller traffic-policy (traffic-policy) # get == [ quarantine ] -----> newly added pre-defined traffic-policy for quarantine (not only for quarantine, can be applied to other switch vlan interface based on configuration) name: quarantine == [ sniffer ] name: sniffer (traffic-policy) # edit quarantine (quarantine) # show config switch-controller traffic-policy edit "quarantine" set description "Rate control for quarantined traffic" set guaranteed-bandwidth 163840 set guaranteed-burst 8192 set maximum-burst 163840 set cos-queue 0 next end next end end config system interface edit "qtn.aggr1" set vdom "root" set ip 10.254.254.254 255.255.255.0 set description "Quarantine VLAN" set security-mode captive-portal set replacemsg-override-group "auth-intf-qtn.aggr1" set device-identification enable set snmp-index 30 set switch-controller-access-vlan enable set switch-controller-traffic-policy "quarantine" -----> By default, switch-controller-traffic-policy is empty. Users need to apply the necessary traffic-policy, not only limited to "quarantine" set color 6 set interface "aggr1" set vlanid 4093 next end