We have our guest SSID, seperate vlan, running on our production APs with an IP filter on APs and Layer 3 switches. The Guest SSID has access to DHCP internally and internet only. I am tasked to cap the throughput on Guest SSID to limit the bandwidth usage when going to the internet.
What s the best practice to approach this. Should I classify and mark traffic on access points and do QOS on the layer 3 switch? Is there somewhere on the AP where I can cap the throuput?
When rate limiting, you should always place that near the point of traffic.
For guest i would implement rate limiting at the L3 edge that is connecting to the internet.
Steve. Thanks for the quick response.
So if my internet circuit is 20 Mbps, I should create two ACLs one for Guest and the other for the rest of the users. Then I should create two classes for the above traffic and create a polocy that would police Guest traffic to 2 Mbps and shape default traffic to 18 Mbps.
Will that work?
That should work
Yes, you can use two ACLs for Guest and rest of the users. You can then create 2 classes and police Guest to 2-4 Mbps and shape default traffic to 16-18 Mbps.