Re: Wireless Rate Limiting via Radius

Mehmet Emin Yagci · ‎12-02-2012

We have a setup as 1 SSID in air , authentication via LDAP

One user login as aaa to VLAN 51

other user login as bbb to VLAN 52

I want to setup different rate limiters for those users.As i know thera are 2 methods of rate limiting available in WLC

a)per User in the same SSID

b)per SSID for any user

In this case there is only one WLAN so we cant use b , as i dont want all users to get same bandwidth contract rate limiting method a isnt useful for us.Because i want to seperate employee / guest / admin bandwidth limits.

How can i overcome of this case ?

Scott Fella · ‎12-02-2012

With one WLAN you are limited to what the WLC can do. The rate limiting as you already know only works with the WLAN in question and defines the rate limiting for that WLAN. The WLC doesn't rate limit on an interface which would helps you in this case. What you will need to look at is if you can rate limit on the network switch. This way you can try to limit the traffic from the vlan and not really care about the WLAN.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Mehmet Emin Yagci · ‎12-02-2012

Can we do this via ACL s ?

and one more question , is there any chance to do a dynamic WLAN assignment ?

Scott Fella · ‎12-02-2012

I think you can do some rate limiting on the layer 3 interface, but maybe depends on your equipment.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎12-02-2012

What do you mean by dynamic WLAN assignment?

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Mehmet Emin Yagci · ‎12-02-2012

For the first question ;

What do you mean with "maybe depends on your equipment" ?

For the second question ;

Sorry it has to be "VLAN" assignment , and i have found the solution.

As i read

IETF 64 (Tunnel Type)—Set this to VLAN.
IETF 65 (Tunnel Medium Type)—Set this to 802
IETF 81 (Tunnel Private Group ID)—Set this to VLAN ID.

Three types of attribute has to be returned from ldap server.All three of these has to be returned or just Private group id is enough ?

Scott Fella · ‎12-02-2012

It depends on your equipment if you can configure certain vlan rate limits.... Okay.,... dynamic vlans is more like it.... yes it is possible using IETF if your using no cisco radius. Cisco radius you can just set the vlan id in the end station filter. I set all 3 when using MS radius.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎12-02-2012

Here is another link:

https://supportforums.cisco.com/thread/1002299

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎12-02-2012

Here is a great example if your using MS radius:

https://lavazzza.wordpress.com/2009/11/30/wlc-school-for-network-admin%E2%80%99s-who-can-read-real-good-part-1/

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***