One possible solution is to apply service-policy (using Cisco AV-Pair) and that policy has nothing more than just either policer or traffic shaping in class-default. This would work for traffic outgoing towards user. For incoming traffic you can only do policing. You need to enable PPP multilink (even if you have only one connection) in order to apply service-policy.
This is generic solution and can work in many environments. Depending on what kind of connections you're talking about and what is your degree of control over intermediate network between your access server and the customer, there might be some better alternatives (like setting PVC PCR value).
You mean that each individual user is connected via individual POS interface?
I haven't tried yet to clone from Virtual-Template for users connecting via POS (that's what you'll need), but that doesn't sound good at such speeds - all the hardware switching will be effectively degraded by using those software interfaces. I'd apply 'rate-limit' directly on POS interface in such case if you don't require QoS. If you require also QoS, then apply service policy but again directly to the interface.
Here is example of simplest policy:
Apply directly to interface as:
service-policy input subscriber-10Mbps-avg
service-policy output subscriber-10Mbps-avg
If you still decide to go radius way, then here is an example of user profile:
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...