Solved: Re: How do I do this?

ryanlin2002 · ‎08-11-2009

Hi all

My home network consists of two SSIDS, a Home SSID and a Guest SSID.

I have service policy maps applied to both SSIDs to restrict the bandwidth usage.

The Guest SSID is not being used that often in the house, which results in bandwidth being wasted.

What I would like to accomplish is the following:

1. The ability to give Home SSID full bandwidth when there are no guests connected to the Guest SSID.

2. When Guest SSID detects a host or multiple hosts, the Home SSID should give the bandwidth back to the Guest SSID.

For example...

On a 64kbps link, the home ssid is assigned 32kbps and the guest ssid is assigned 32kbps respectively.

When there are no guest machines connected to the guest ssid, the Home ssid network should get the full 64kbps.

If one guest or multiple guests are connected to the guest ssid, then the home ssid should revert back to 32kbps automatically.

I know how to do this if there is only one guest host on the network. I can match the connection patterns in the syslog by looking at the association and deassociation messages. However, this solution would no longer be feasible if there are multiple guest hosts on the guest ssid.

Any suggestions on how to accomplish this?

Thanks

Joe Clarke · ‎08-11-2009

Just to be clear, try:

event manager applet guest-bandwidth

event tag assoc syslog pattern "DOT11-6-ASSOC"

event tag disassoc syslog pattern "DOT11-6-DISASSOC"

trigger

correlate event assoc or event disassoc

action 001 cli command "enable"

action 002 cli command "show dot11 as"

action 003 set reading_guest "0"

action 004 set found_guest "0"

action 005 foreach line "$_cli_result" "\n"

action 005.1 string trim "$line"

action 005.2 set line "$_string_result"

action 006 regexp "SSID .Guest.*:" "$line"

action 007 if $_regexp_result eq 1

action 008 set reading_guest "1"

action 009 continue

action 010 end

action 011 if $reading_guest eq 1

action 012 regexp "SSID.*:" "$line"

action 013 if $_regexp_result eq 1 goto 023

action 016 regexp "MAC Address" "$line"

action 017 if $_regexp_result eq 1

action 018 set found_guest "1"

action 020 end

action 021 end

action 022 end

action 023 if $found_guest eq 1

action 024 cli command "config t"

action 025 cli command "policy-map QoS_In_BVI1"

action 026 cli command "class class-default"

action 027 cli command "police 462000"

action 028 cli command "exit"

action 029 cli command "policy-map QoS_Out_BVI1"

action 030 cli command "class class-default"

action 031 cli command "police 4550000"

action 032 cli command "end"

action 033 syslog msg "Found guest(s) associated; adding bandwidth"

action 034 else

action 035 cli command "config t"

action 036 cli command "policy-map QoS_In_BVI1"

action 037 cli command "class class-default"

action 038 cli command "police 612000"

action 039 cli command "exit"

action 040 cli command "policy-map QoS_Out_BVI1"

action 041 cli command "class class-default"

action 042 cli command "police 5050000"

action 043 cli command "end"

action 044 syslog msg "No guests associated; removing bandwidth"

action 045 end

View solution in original post

Joe Clarke · ‎08-11-2009

This is easily doable with an EEM policy. What version of IOS will you be running? Post the output of the command you will use to determine if someone is associated.

ryanlin2002 · ‎08-11-2009

Hi

Thanks for your fast reply.

I am currently running on IOS 12.4.22.T2 to take advantage of the new EEM 3.0 features.

I run "show dot11 as" to see the ssid client associations.

Thanks

Joe Clarke · ‎08-11-2009

Please post the output of that command when you have a client associated, and when you don't. This may be doable with an EEM applet if you're using EEM 3.0.

ryanlin2002 · ‎08-11-2009

Hi

Here is the output:

Cisco871W#show dot11 as

802.11 Client Stations on Dot11Radio0:

SSID [Guest] :

MAC Address IP address Device Name Parent State

0021.5c39.6c73 10.0.165.2 unknown - self Assoc

SSID [Home] :

Cisco871W#show dot11 as

802.11 Client Stations on Dot11Radio0:

SSID [Guest] :

SSID [Home] :

MAC Address IP address Device Name Parent State

0021.5c39.6c73 192.168.165.4 unknown - self Assoc

Cisco871W#exit

Thanks

Joe Clarke · ‎08-11-2009

Great. What commands would you like to run to grant the guest VLAN bandwidth, then take that bandwidth away?

ryanlin2002 · ‎08-11-2009

To take the bandwidth away, I would simply add the guest bandwidth to the existing home policy-map:

This is my current configuration:

!

policy-map QoS_In_BVI2

class class-default

police 150000

policy-map QoS_In_BVI1

class Restrict_P2P_Bandwidth

police 8000

class class-default

police 462000

policy-map QoS_Out_BVI2

class class-default

police rate 500000

policy-map QoS_Out_BVI1

class class-default

police 4550000

!

If there is no guest hosts, the eem should implement the following command automatically:

action 1.0 cli command "enable"

action 1.1 cli command "conf t"

action 1.2 cli command "policy-map QoS_In_BVI1"

action 1.3 cli command "class class-default"

action 1.4 cli command "police 612000"

action 1.5 cli command "exit"

action 1.6 cli command "policy-map QoS_Out_BVI1"

action 1.7 cli command "class class-default"

action 1.8 cli command "police 5050000"

action 1.9 cli command "end"

If there is are guest hosts, then the eem should implement the following according to the original configuration:

action 1.0 cli command "enable"

action 1.1 cli command "conf t"

action 1.2 cli command "policy-map QoS_In_BVI1"

action 1.3 cli command "class class-default"

action 1.4 cli command "police 462000"

action 1.5 cli command "exit"

action 1.6 cli command "policy-map QoS_Out_BVI1"

action 1.7 cli command "class class-default"

action 1.8 cli command "police 4550000"

action 1.9 cli command "end"

Thanks!

Joe Clarke · ‎08-11-2009

This is untested, but I think it should work. If not, post any errors, and I will tweak it as needed:

event manager applet guest-bandwidth

event tag assoc syslog pattern "DOT11-6-ASSOC"

event tag disassoc syslog pattern "DOT11-6-DISASSOC"

trigger

correlate event assoc or event disassoc

action 001 cli command "enable"

action 002 cli command "show dot11 as"

action 003 set reading_guest "0"

action 004 set found_guest "0"

action 005 foreach line "$_cli_result" "\n"

action 006 regexp "SSID .Guest.*" "$line"

action 007 if $_regexp_result eq 1

action 008 set reading_guest "1"

action 009 continue

action 010 end

action 011 if $reading_guest eq 1

action 012 regexp "SSID.*:" "$line"

action 013 if $_regexp_result eq 1

action 014 break

action 015 end

action 016 regexp "MAC Address" "$line"

action 017 if $_regexp_result eq 1

action 018 set found_guest "1"

action 019 break

action 020 end

action 021 end

action 022 end

action 023 if $found_guest eq 1

action 024 cli command "config t"

action 025 cli command "policy-map QoS_In_BVI1"

action 026 cli command "class class-default"

action 027 cli command "police 462000"

action 028 cli command "exit"

action 029 cli command "policy-map QoS_Out_BVI1"

action 030 cli command "class class-default"

action 031 cli command "police 4550000"

action 032 cli command "end"

action 033 syslog msg "Found guest(s) associated; adding bandwidth"

action 034 else

action 035 cli command "config t"

action 036 cli command "policy-map QoS_In_BVI1"

action 037 cli command "class class-default"

action 038 cli command "police 612000"

action 039 cli command "exit"

action 040 cli command "policy-map QoS_Out_BVI1"

action 041 cli command "class class-default"

action 042 cli command "police 5050000"

action 043 cli command "end"

action 044 syslog msg "No guests associated; removing bandwidth"

action 045 end

ryanlin2002 · ‎08-11-2009

wow ! this is fantastic. let me test it right now, will report back in 5 minutes.

Joe Clarke · ‎08-11-2009

Once you've verified this is working, you'll want to add a timer component to this as well. All of the actions will remain the same, but at the top, you'll want to do:

event manager applet guest-bandwidth

event tag assoc syslog pattern "DOT11-6-ASSOC"

event tag disassoc syslog pattern "DOT11-6-DISASSOC"

event tag timer timer countdown time 60

trigger

correlate event assoc or event disassoc or event timer

This will run the policy 60 seconds after the router reboots just to clear out any leftover cruft.

ryanlin2002 · ‎08-11-2009

Hi

The eem gets triggered when I join/leave the Guest SSID. However, the bandwidth remains unchanged.

Weird. Any ideas?

edit: let me run some debug for eem, i will see what i can find and post back the results.

Joe Clarke · ‎08-11-2009

What output do you get in show logg?

ryanlin2002 · ‎08-11-2009

it just shows the usual association and deassociation in the show log.

attached the show log output to this message

ryanlin2002 · ‎08-11-2009

the debug results are in...

it got stuck after "show dot11 as" is executed in EEM.

please see attached.

thanks!

Joe Clarke · ‎08-11-2009

I found what looks like a bug when using "break" in applets. Try this version:

event manager applet guest-bandwidth

event none

action 001 cli command "enable"

action 002 cli command "more disk1:/dot11_as.txt"

action 003 set reading_guest "0"

action 004 set found_guest "0"

action 005 foreach line "$_cli_result" "\n"

action 005.1 string trim $line

action 005.2 set line $_string_result

action 006 regexp "SSID .Guest.*:" "$line"

action 007 if $_regexp_result eq 1

action 008 set reading_guest "1"

action 009 continue

action 010 end

action 011 if $reading_guest eq 1

action 012 regexp "SSID.*:" "$line"

action 013 if $_regexp_result eq 1 goto 023

action 016 regexp "MAC Address" "$line"

action 017 if $_regexp_result eq 1

action 018 set found_guest "1"

action 020 end

action 021 end

action 022 end

action 023 if $found_guest eq 1

action 024 cli command "config t"

action 025 cli command "policy-map QoS_In_BVI1"

action 026 cli command "class class-default"

action 027 cli command "police 462000"

action 028 cli command "exit"

action 029 cli command "policy-map QoS_Out_BVI1"

action 030 cli command "class class-default"

action 031 cli command "police 4550000"

action 032 cli command "end"

action 033 syslog msg "Found guest(s) associated; adding bandwidth"

action 034 else

action 035 cli command "config t"

action 036 cli command "policy-map QoS_In_BVI1"

action 037 cli command "class class-default"

action 038 cli command "police 612000"

action 039 cli command "exit"

action 040 cli command "policy-map QoS_Out_BVI1"

action 041 cli command "class class-default"

action 042 cli command "police 5050000"

action 043 cli command "end"

action 044 syslog msg "No guests associated; removing bandwidth"

action 045 end