Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1319
Views
0
Helpful
6
Replies

Limiting the guest users bandwidth per site basis

ramesh rajendran
Level 1
Level 1

‎05-15-2015 03:36 AM - edited ‎07-05-2021 03:14 AM

Hi,

 

 We got the centralized guest SSID deployment for the visitors. Customer asked us to throttle the guest users bandwidth per site basis. I think we can only implement the per-SSID and per-User throttling for the centralized guest SSID. Is there anyway to do per site basis?

 

This requirement popped up due to the varying bandwidths in different sites such as 4, 8, 10 mbps.

 

thanks,

Ramesh

Labels:
0 Helpful
6 Replies 6

Scott Fella
Hall of Fame
Hall of Fame

‎05-15-2015 03:49 AM

The only way I can think off the top on my head is to create a different WLAN profile with the same SSID name.  You can have one site with WLAN ID 1 but all the others have to have WLAN ID 17 or higher to do this.  This would allow you to then set separate limits on a per WLAN and since each WLAN is tied to a different site, that should work.  Now if you have like 10+ sites, then I wouldn't do this, because it just becomes a nightmare.  You might be able to use foreign maps, if you have a WLC at each site and the guest anchors centralized and place guest traffic from a site to a dmz vlan and police the vlan.  There is no straight configuration to do what you want, but more of various workarounds.

-Scott 

-Scott
*** Please rate helpful posts ***
0 Helpful

ramesh rajendran
Level 1
Level 1
In response to Scott Fella

‎05-15-2015 04:28 AM

Thanks Scott,

One more doubt. Our APs are in flexconnect mode. If I am enforcing the per-SSID rate limiting to 10mbps for the guests, will it be applied on AP?. Each AP will allow the consolidated bandwidth of 10mbps under guest SSID instead of globally limiting guest SSID to 10mbps?. the following spreadsheet is confusing.

 Local ModeFlexConnect Central SwitchingFlexConnect Local SwitchingFlex Connect Standalone
Per client DownstreamWLCWLCAPAP
Per SSID DownstreamAPAPAPAP
Per client UpstreamAPAPAPAP
Per SSID UpstreamAPAPAPAP
 
0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to ramesh rajendran

‎05-15-2015 04:38 AM

If the AP is doing the policing, then its on each AP since the AP's don't communicate.  If the traffic goes to the WLC, then the WLC can police the traffic since everything come into it.  That is why you need to really understand what you are getting.  This whole limit bandwidth, etc., works, but does it work how you want it to work. In flexconnect local switching for example, that means traffic egress the AP and gets put onto the wired network.  So on the wired side, you can set a policy on the layer 3 svi to limit that traffic.  But in case you are dumping guest onto another subnet with other traffic and using ACL's on the WLC to secure the guest traffic, well you really can't police the traffic on the svi, because you will limit all the traffic.  Best thing to do is think it out and draw it out and see if its possible to accomplish or not.  Bandwidth limiting has been removed from many of my customers, due to user complaints and or limiting it to a point that its useless.  There are also guest that might require to present and might have a video and need to download a presentation or files, well, do you want to limit that especially if they are a guest of one of the executives or higher up's.... not really.

-Scott

-Scott
*** Please rate helpful posts ***
0 Helpful

ramesh rajendran
Level 1
Level 1
In response to Scott Fella

‎05-15-2015 06:28 AM

Thanks Scott.

 If I apply qos policy on the local CE for the port-number 5247(capwap data channel), will it limit the bandwidth per site by basis for the guest SSID?

 We are using local-switching for the corporate SSID, i dont think corporate SSID traffic will be going via the capwap data channel. 

 

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to ramesh rajendran

‎05-15-2015 06:44 AM

I really don't think that will work. You might end up breaking the join. If you are trying to limit so that traffics is limited before it is sent over the WAN, you would have to figure out something different. You would have to use local switching and place that guest traffic in a GRE/VRF to the DMZ and police it at the site. This will not use the guest anchors however.  You will have to figure out some other workaround that what the WLC can provide you. 

-Scott

-Scott
*** Please rate helpful posts ***
0 Helpful

sobhardw
Cisco Employee
Cisco Employee

‎05-19-2015 04:51 PM

You can use QOS to do this. When you configure QoS on the access point, you can select specific network traffic, prioritize it, and use congestion-management and congestion-avoidance techniques to provide preferential treatment. Implementing QoS in your wireless LAN makes network performance more predictable and bandwidth utilization more effective.

For more information please refer to the link :

http://www.cisco.com/c/en/us/td/docs/wireless/access_point/12-3_7_JA/configuration/guide/i1237sc/s37qos.html

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card