Restrict Bandwidth to Guest Internet Connection

Answered Question
Sep 22nd, 2007
User Badges:

Hi Everyone,

I am working on network with 3 4404 WLC's on the internal network and now we will be adding another controller to the DMZ to make a anchor controller for a guest WLAN. I have a request to restrict internet bandwidth for this guest network to 25% of total bandwidth or less. The firewall is a Pix 515 running 7.0(2).

Anyone have any ideas on how I can restrict bandwidth on one particular WLAN. I was thinking of QOS on that WLAN, but there has to be an easier or better way.

Thanks everyone...

Correct Answer by da.beaver about 9 years 8 months ago

It is working fine for us. I have used several tools to verify the bandwidth has been limited and it looks like it has.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.8 (7 ratings)
ericgarnel Sun, 09/23/2007 - 06:36
User Badges:
  • Gold, 750 points or more

The pix should support policy maps at 7.0(2) if not upgrade to 7.2.1

here is a sample where the policy is bound to the interface that wifi uses on the PIX:

class-map p2p

match any

policy-map WIFI-nonweb

class p2p

police output 756000 37500


service-policy global_policy global

service-policy WIFI-nonweb interface policy-dmz

jake.kappus Sun, 09/23/2007 - 07:44
User Badges:

Ah...policy maps! I forgot about those! I'll try this and let you know how it goes. Thanks!

jake.kappus Mon, 09/24/2007 - 18:16
User Badges:

Is this config going to restrict bandwidth per session or for all connections to this interface?



da.beaver Tue, 09/25/2007 - 04:21
User Badges:

It will restrict the total bandwidth for that VLAN. I would think that QoS would be easier to configure on the controllers for that one vlan. If you click on "Controllers", on the left at the bottom you should see "QoS Profiles". Edit the "Bronze" profile under "Per-User Bandwidth Contracts" to the bandwidth you want your guests to have. Mine are set to 512K Average and 768k bursts, then save the profile. Then under your guest WLAN, set the Quality of Service to Bronze and you will be set.

The only catch is you will have to disable the 802.11G and A radios prior to editing the QoS profiles. You can do this by clicking on "Wireless" and in the left column click "802.11B/G Network". then under the "General" area, uncheck the checkbox that says "802.11b/g Network Status".

Hope this helps.

Rob Huffman Tue, 09/25/2007 - 05:27
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 IP Telephony, Unified Communications

Hi David,

Very nice thinking here! 5 points for this helpful advise.

Take care,


ericgarnel Tue, 09/25/2007 - 05:32
User Badges:
  • Gold, 750 points or more

Does Qos on the controllers actually work now?

We tried using it back in 3.x, and it did not meet our needs.

Correct Answer
da.beaver Tue, 09/25/2007 - 05:41
User Badges:

It is working fine for us. I have used several tools to verify the bandwidth has been limited and it looks like it has.

jake.kappus Tue, 09/25/2007 - 05:46
User Badges:

Thanks guys for the info. I'll try this. I was hoping there was an easier way than having to limit the bandwidth on the interface. Turns out that's really not the best solution anyway.


mlrtime99 Tue, 11/20/2007 - 14:07
User Badges:

Great info beaver, I have recently implemented this QoS package on our public wireless and have tested it with our local speed test server and have noticed that it only throttles download, upload still runs unchecked. Is this just poor design or am I missing an option somehwere?

ericgarnel Wed, 11/21/2007 - 08:57
User Badges:
  • Gold, 750 points or more

Sounds like it should be submitted to TAC. Perhaps it is a bug.

mlrtime99 Wed, 11/21/2007 - 09:04
User Badges:

Possibly, although it does satisfy my needs at the moment I just wanted to give everyone else the heads up. These tests were run on a 1242 radio with a 4404 running

The speedtests are very reliable.

2007/11/20 14:54:35 3,845,032 3,300,464 995 4 61%

2007/11/20 14:57:59 795,240 3,336,864 980 3 62%

I tried tabbing this out but no luck, fields are; date, time, download, upload, max pause, rtt, qos.

I had set my averages at 768 with a burst of 1024.

bbxie Sun, 11/25/2007 - 17:10
User Badges:
  • Silver, 250 points or more

Only with WMM, the bi-directional traffice can be controlled, otherwise only download can be applied


This Discussion



Trending Topics - Security & Network