Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
647
Views
10
Helpful
4
Replies

traffic limit for users in a vlan

MichaelCM
Level 1
Level 1

‎08-26-2019 04:05 AM

Hello everybody!

I am a (very) begginer needing some help.

I have a network divided in several vlans managed by an ISR 891F. The 891 is the dhcp server for each vlan.

One of the vlan (let's name it FREE WIFI VLAN - 10.10.21.0/24) includes all the AccessPoints in the building providing free wifi to the clients. (APs are not Cisco). All the APs are connected in the same (2960X-24ts-l) switch.

Can you tell me how can I limit the traffic (both ingress and egress) only for this vlan (ISP provides a guaranteed upload/download speed) in order to leave the other vlans to access the internet with priority and better speed?

 

Thank you!

Labels:
0 Helpful
4 Replies 4

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎08-26-2019 05:55 AM

Hello MichaelCM,

if you know the IP subnet used by free WIFI you can build QoS policies to limit their traffic usage.

 

>> FREE WIFI VLAN - 10.10.21.0/24

 

access-list 111 remark FREE WIFI to internet

access-list 111 permit ip 10.10.21.0 0.0.0.255 any

 

access-list 121 remark from internet to FREE WIFI

access-list 121 permit ip any 10.10.21.0 0.0.0.255

 

class-map FREEWIFI-UPSTREAM

match address 111

 

class-map DOWNSTREAM-FREEWIFI

match address 121

 

policy-map POLICER-to-INTERNET

class FREEWIFI-UPSTREAM

police 5000000 conform-action transmit exceed-action-drop

!

policy CHILD

class DOWNSTREAM-FREEWIFI

shape average 10000000

 

policy-map SHAPE-from-Internet

class-default shape 100000000

service-policy CHILD

 

interface gi0/0

desc link router to switch

service-policy in POLICER-to-INTERNET

service-policy out SHAPE-from-Internet

 

Of course, you need also to NAT the WIFI users to give them internet access

 

Hope to help

Giuseppe

 

 

 

MichaelCM
Level 1
Level 1
In response to Giuseppe Larosa

‎08-28-2019 12:56 AM

Thank you, very much! Will try it!

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎08-26-2019 08:31 AM

I have good news and not so good news.

On your 891 you should be able to manage your outbound bandwidth usage including traffic prioritization. However, for inbound, your management is downstream of the actual Internet link which means the Internet link can congest, or not have the traffic prioritization you desire. The ideal way to handle the latter is to have traffic management on your ISP's device, but generally most ISPs will not support that. That said, you can configure "from" Internet bandwidth management, and it will have some effect, but generally it doesn't work very well. (NB: BTW, for ingress Internet traffic, a 3rd party traffic management device might be considered. They can do more/better than a Cisco router, but even they aren't 100% effective.)

If you wish to try some QoS, and see how effective it is, you can try what Giuseppe suggests (or something similar to it). You also might consider having a second Internet link installed for your guest WiFi (the latter possibly being the least expensive way to "manage" the two "kinds" of traffic).

MichaelCM
Level 1
Level 1
In response to Joseph W. Doherty

‎08-28-2019 12:55 AM

Thank you!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card