cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2405
Views
45
Helpful
12
Replies

How to limit bandwidth for Wired Clients on a per user or Group basis?

Ferdaush
Level 1
Level 1

Hi Experts,

we know that Cisco ISE is a security policy management platform that provides secure access to network resources, can we do bandwidth control by Cisco ISE policy for Wired clients (802.1x Clients) on a per user or gruop basis?

2 Accepted Solutions

Accepted Solutions

Ferdaush
Level 1
Level 1

Thanks, I am looking for the QoS configuration example or solution for the Cisco Catalyst 9300 Series Switches and ISE Authorization profile idea. I did applied worksome but not as expected output gotten. I used AuthZ profile for Cisco:cisco-data-rate Radius advance attributies.

Client details1.jpg

 

 

 

View solution in original post

12 Replies 12

balaji.bandi
Hall of Fame
Hall of Fame

may be you need to manually configure on the switches?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thanks a lot for your comment but I think there should be way bind policy with Switch like Cisco WLC. If you have any idea

Wiress is different compare to Wired network.

You can use QoS policies as suggested.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

@Ferdaush You can authorise the users by AD user or group membership and then dynamically send the specific RADIUS attributes. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_radatt/configuration/15-mt/sec-usr-radatt-15-mt-book/sec-rad-att-AAA-per-VC.html

 

Just to clarity is this works on Ethernet port ? (never tested) - but keen to know.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Yes, Ethernet port.

Ferdaush
Level 1
Level 1

I idea is use Cisco ISE instead of Packetshaper system in some cases. May be control network bandwidth by user or AD group basis. Thanks @balaji.bandi and @Rob Ingram for your response.

@Ferdaush another option you could apply the QoS configuration (and other settings) in an interface template. Then from ISE use the authorisation profile to define the interface template and assign this on a per AD group basis.

Ferdaush
Level 1
Level 1

Thanks, I am looking for the QoS configuration example or solution for the Cisco Catalyst 9300 Series Switches and ISE Authorization profile idea. I did applied worksome but not as expected output gotten. I used AuthZ profile for Cisco:cisco-data-rate Radius advance attributies.

Client details1.jpg

 

 

 

Ferdaush
Level 1
Level 1

Could you please share "QoS configuration (and other settings) in an interface template" if you have any @Rob Ingram