Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1879
Views
0
Helpful
5
Replies

Rate Limit Wireless Guest Traffic

martaylor
Level 1
Level 1

‎06-14-2014 12:48 AM - edited ‎07-05-2021 01:00 AM

Hi

I am looking for help on a requirement a customer has with Wireless Guest traffic

We have several large offices enabled with WiFi and at each office there are Cisco 2602 APs. These register to foreign WLAN Controllers in a Data Centre over WAN circuits. The Guest traffic is tunnelled back to Anchor Controllers also in the Data Centre and then switched out onto the Internet. 

What I am hoping to achieve is to limit Guest SSID traffic on a per site basis, both inbound and outbound, to 10% of the WAN bandwidth. This is to stop guest users taking all available bandwidth.

I can add a QoS policy to the WAN circuits at each site to restrict the Guest traffic outbound but cant find a way to restrict the traffic inbound protecting the bandwidth for corporate users. 

I am not allowed to amend the QoS policies on the Data Centre WAN circuits as this would mean adding a QoS policy for each remote WiFi enabled office. 

I have seen the URL, http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113682-bdr-limit-guide-00.html, but this does not fit the requirements we have.

Has anyone else come across this type of issue and if so what was done to protect the WAN circuit from guest WiFi traffic inbound

 

Thanks Martyn Taylor

 

1 person had this problem
Labels:
0 Helpful
5 Replies 5

Leo Laohoo
Hall of Fame
Hall of Fame

‎06-14-2014 02:56 AM

Another way of doing things is apply a policy shaping rule on the VLAN (or the default gateway) of the guest SSID is attached to.  

0 Helpful

martaylor
Level 1
Level 1
In response to Leo Laohoo

‎06-14-2014 03:43 AM

Thanks but I cant see how that will restrict the traffic per site to 10% of each remotes sites WAN bandwidth. Adding a shaping policy will shape the traffic for all guests as the guest subnet is derived from the Anchor WLC.

0 Helpful

twikel
Level 1
Level 1

‎06-16-2014 05:57 PM

I to have a similar issue with rate limiting the Guest Services Protocol97 (EoIP) Tunnel to 500K of a T1 at each site.  My variation is I have access to both DC and Site routers for configuration, but have never rate limited a pass-through layer 2 tunnel.  Any help would be much appreciated and it may give martaylor some additional ideas.

 

martaylor, being you don't have access to the DC router, have you thought of using the QOS rate limiting on the anchor controller to limit inbound (internet) traffic at the anchor?  It's not idea, but you can limit by average bandwidth and still allow them a burst rate if you chose. 

0 Helpful

mlieber
Level 1
Level 1

‎04-20-2015 10:55 AM

Hi Martyn,

 

I have the same issue now but our APs in the offices are working in FlexConnect mode.

Do you have found solution?

regards

Martin

 

0 Helpful

abwahid
Level 4
Level 4

‎05-21-2015 10:25 PM

Hi,

I haven't come across this type of issue

But information is provided on below link is complete, so where you are stucking ?.

http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113682-bdr-limit-guide-00.html#pro2

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card