Re: Per user bandwidth limiting supported on 9800 (IOS-XE) ?

PWJPW · ‎05-20-2021

Does anyone know if it's possible to set a device rate limit (downstream/upstream) via the RADIUS Access-Accept response like we can in AireOS using similar to the below attributes:

Airespace-Data-Bandwidth-Average-Contract
Airespace-Data-Bandwidth-Burst-Contract

We can't seem to find equivalent radius attributes or av-pair values to make this work on IOS-XE devices...

Thanks

James

balaji.bandi · ‎05-20-2021

i know we can do old controllers , i am also part of journey with Cat 9800

its possible as per the document - yet to be tested :

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/quality-of-service.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

PWJPW · ‎05-20-2021

Thanks. I did see this document, but it's not really showing if it can be done via the RADIUS reply. And it seems to support defined policies on the WLC, rather than dynamic values set via the RADIUS reply. i.e. some clients get 1Mb, some 2Mb, some 10, some 20 etc. depending on their package.

balaji.bandi · ‎05-20-2021

Got you, so you looking based on the user, not all clients, not that i am aware this was tested my self. but good option, if you looking to offer services to clients.

what kind of Radius you using ISE ?

check below thread may help you :

https://community.cisco.com/t5/network-access-control/freeradius-with-wlc-8-3-122-per-user-bandwidth-rate-limits/td-p/3839617

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

PWJPW · ‎05-20-2021

We already do this (have for years ) on the AireOS WLCs (as per the link you posted) but with Catalyst IOS-XE we can't find the equivalent RADIUS attribute to use

balaji.bandi · ‎05-20-2021

what radius you using - looking at document there command syntax bit changed : (still required for me to test) - will test later with ISE

Configuration Example for Per-User QoS via AAA Policy Name

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_radcfg/configuration/xe-16/sec-usr-radcfg-xe-16-book/sec-qos-aaa-pol-name.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

PWJPW · ‎05-20-2021

Freeradius, though it shouldn't matter as the attribute name should work with any RADIUS, once we know what it is!

The guide you linked to is for the Cisco Cloud Services Router 1000 Voice Series, not wireless?

Thanks

James

matty-boy · ‎05-21-2021

This should do what you need but the WLC must be running IOS XE 17.5 or later:

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/215441-configure-qos-rate-limiting-on-catalyst.html

Check out the attached screenshot from the doc for the required A/V pairs. Just substitute "BWLimitAAAClients" for the name of your preconfigured QoS policy in your authz profile.

I've not tested it myself but I too need the functionality for a customer project!

(Credit to @vibobrov for identifying the solution)

PWJPW · ‎05-21-2021

Thanks - but this still relies on multiple profiles/policies being added manually on the controller first. We're looking to dynamically pass a figure in bits/kbits like you can on the AOS WLC, i.e. we can just limit the speed for a particular user by setting the attribute value to 2000k.

Thanks

James

matty-boy · ‎05-21-2021

Oh I see, sorry James I misunderstood your requirement. I'm not sure that's possible but I'm sure somebody else here will pipe up if it is. Either way, please bear in mind that you will need IOS XE 17.5 for AAA override.