06-14-2014 12:48 AM - edited 07-05-2021 01:00 AM
Hi
I am looking for help on a requirement a customer has with Wireless Guest traffic.
We have several large offices enabled with WiFi and at each office there are Cisco 2602 APs. These register to foreign WLAN Controllers in a Data Centre over WAN circuits. The Guest traffic is tunnelled back to Anchor Controllers also in the Data Centre and then switched out onto the Internet.
What I am hoping to achieve is to limit Guest SSID traffic on a per site basis, both inbound and outbound, to 10% of the WAN bandwidth. This is to stop guest users taking all available bandwidth.
I can add a QoS policy to the WAN circuits at each site to restrict the Guest traffic outbound but can't find a way to restrict the traffic inbound, protecting the bandwidth for corporate users.
I am not allowed to amend the QoS policies on the Data Centre WAN circuits as this would mean adding a QoS policy for each remote WiFi enabled office.
I have seen the URL, http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113682-bdr-limit-guide-00.html, but this does not fit the requirements we have.
Has anyone else come across this type of issue and, if so, what was done to protect the WAN circuit from guest WiFi traffic inbound?
Thanks Martyn Taylor
06-14-2014 02:56 AM
Another way of doing things is to apply a policy shaping rule on the VLAN (or the default gateway) the guest SSID is attached to.
06-14-2014 03:43 AM
Thanks, but I can't see how that will restrict the traffic per site to 10% of each remote site's WAN bandwidth. Adding a shaping policy will shape the traffic for all guests as the guest subnet is derived from the Anchor WLC.
06-16-2014 05:57 PM
I too have a similar issue with rate limiting the Guest Services Protocol97 (EoIP) Tunnel to 500K of a T1 at each site. My variation is I have access to both DC and Site routers for configuration, but have never rate limited a pass-through layer 2 tunnel. Any help would be much appreciated and it may give martaylor some additional ideas.
martaylor, being you don't have access to the DC router, have you thought of using the QoS rate limiting on the anchor controller to limit inbound (internet) traffic at the anchor? It's not ideal, but you can limit by average bandwidth and still allow them a burst rate if you choose.
04-20-2015 10:55 AM
Hi Martyn,
I have the same issue now but our APs in the offices are working in FlexConnect mode.
Have you found a solution?
Regards
Martin
05-21-2015 10:25 PM
Hi,
I haven't come across this type of issue.
But the information provided at the link below is complete, so where are you stuck?
http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113682-bdr-limit-guide-00.html#pro2