Solved: Restrict Bandwidth to Guest Internet Connection

jake.kappus · ‎09-22-2007

Hi Everyone,

I am working on network with 3 4404 WLC's on the internal network and now we will be adding another controller to the DMZ to make a anchor controller for a guest WLAN. I have a request to restrict internet bandwidth for this guest network to 25% of total bandwidth or less. The firewall is a Pix 515 running 7.0(2).

Anyone have any ideas on how I can restrict bandwidth on one particular WLAN. I was thinking of QOS on that WLAN, but there has to be an easier or better way.

Thanks everyone...

da.beaver · ‎09-25-2007

It is working fine for us. I have used several tools to verify the bandwidth has been limited and it looks like it has.

View solution in original post

ericgarnel · ‎09-23-2007

The pix should support policy maps at 7.0(2) if not upgrade to 7.2.1

here is a sample where the policy is bound to the interface that wifi uses on the PIX:

class-map p2p

match any

policy-map WIFI-nonweb

class p2p

police output 756000 37500

!

service-policy global_policy global

service-policy WIFI-nonweb interface policy-dmz

jake.kappus · ‎09-23-2007

Ah...policy maps! I forgot about those! I'll try this and let you know how it goes. Thanks!

jake.kappus · ‎09-24-2007

Is this config going to restrict bandwidth per session or for all connections to this interface?

Thanks!

Jake

da.beaver · ‎09-25-2007

It will restrict the total bandwidth for that VLAN. I would think that QoS would be easier to configure on the controllers for that one vlan. If you click on "Controllers", on the left at the bottom you should see "QoS Profiles". Edit the "Bronze" profile under "Per-User Bandwidth Contracts" to the bandwidth you want your guests to have. Mine are set to 512K Average and 768k bursts, then save the profile. Then under your guest WLAN, set the Quality of Service to Bronze and you will be set.

The only catch is you will have to disable the 802.11G and A radios prior to editing the QoS profiles. You can do this by clicking on "Wireless" and in the left column click "802.11B/G Network". then under the "General" area, uncheck the checkbox that says "802.11b/g Network Status".

Hope this helps.

Rob Huffman · ‎09-25-2007

Hi David,

Very nice thinking here! 5 points for this helpful advise.

Take care,

Rob

ericgarnel · ‎09-25-2007

Does Qos on the controllers actually work now?

We tried using it back in 3.x, and it did not meet our needs.

da.beaver · ‎09-25-2007

It is working fine for us. I have used several tools to verify the bandwidth has been limited and it looks like it has.

jake.kappus · ‎09-25-2007

Thanks guys for the info. I'll try this. I was hoping there was an easier way than having to limit the bandwidth on the interface. Turns out that's really not the best solution anyway.

Thanks!

jake.kappus · ‎09-25-2007

That did the trick! Thanks again!

mlrtime99 · ‎11-20-2007

Great info beaver, I have recently implemented this QoS package on our public wireless and have tested it with our local speed test server and have noticed that it only throttles download, upload still runs unchecked. Is this just poor design or am I missing an option somehwere?

ericgarnel · ‎11-21-2007

Sounds like it should be submitted to TAC. Perhaps it is a bug.

mlrtime99 · ‎11-21-2007

Possibly, although it does satisfy my needs at the moment I just wanted to give everyone else the heads up. These tests were run on a 1242 radio with a 4404 running 4.1.185.0

The speedtests are very reliable.

2007/11/20 14:54:35 3,845,032 3,300,464 995 4 61%

2007/11/20 14:57:59 795,240 3,336,864 980 3 62%

I tried tabbing this out but no luck, fields are; date, time, download, upload, max pause, rtt, qos.

I had set my averages at 768 with a burst of 1024.

bbxie · ‎11-25-2007

Only with WMM, the bi-directional traffice can be controlled, otherwise only download can be applied