Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4772
Views
0
Helpful
1
Replies

C9800 local mode: Rate limiting per-user AND per-SSID

Johannes Luther
Level 4
Level 4

‎06-21-2021 07:32 AM - edited ‎07-02-2021 09:35 PM

Hello Wireless experts,

I want a very simple configuration as I have it with AireOS today:

Requirement 1: Rate limit a SSID to a certain value (example 10 Mbit/s)

=> So the aggregate traffic to and from the SSID must not exceed the limit for all clients

 

Requirement 2: Rate limit the clients within the SSID to a certain value (example 8 Mbit/s)

 

Examples:

One wireless client sends traffic to a wired server (iPerf): Result throughput is 8 Mbit (client rate limit)

Two wireless client sends traffic to a wired server (iPerf): Result throghput per client is ~5 Mbit/s (10 Mbit/s aggregate)

 

I cannot get this to work. So this is what I did:

1.) Wireless profile policy

wireless profile policy SSID-RATELIMIT
[...]
 service-policy client input CLIENT-POLICY-LAB
 service-policy client output CLIENT-POLICY-LAB
 service-policy input SSID-POLICY-LAB
 service-policy output SSID-POLICY-LAB
!
policy-map CLIENT-POLICY-LAB
 class class-default
 police cir 8000000
!
policy-map SSID-POLICY-LAB
class class-default
police cir 1000000
!

 When doing an iPerf from two clients at the same time, the limit is ~ 8 Mbit/s per client.... So the SSID rate limit does not work.

 

I saw the example: https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/215441-configure-qos-rate-limiting-on-catalyst.html

However, this does not answer my question at all.

 

I don't want all the fancy AAA override, AVC or the other stuff. I just want a plain per user AND a per SSID rate limiter

 

3 people had this problem
0 Helpful
1 Reply 1

Dmitriy Michshuk
Level 1
Level 1

‎10-27-2021 11:59 PM

Hello! Did you find a solution?

All I found is a note in https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/215441-configure-qos-rate-limiting-on-catalyst.html 

"On wave2 and 11ax Access Points, rate-limiting occurs at a per-flow (5 tuple) level and not per-client or per-SSID. This applies to AP in Flexconnect/Fabric, Embedded Wireless Controller on Access Point (EWc-AP) deployments.

Starting 17.5, AAA override can be leveraged to push the attributes to achieve per-client rate-limiting."

So I need to use AAA override and AAA server for per-client rate-limiting. It's unacceptable for me. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card