according to documentation -

• Manage Bandwidth by Guest User Type. In addition to tailoring user portals, Version 4.2 enables administrators to customize bandwidth privileges for specific user groups. Administrators may easily restrict bandwidth to low-priority groups such as short-term consultants, for instance, while assigning higher throughput to groups requiring fast connectivity to resources such as enterprise resource planning (ERP) systems or research portals. When a guest logs into the network, the WLAN controller automatically enforces the bandwidth policies assigned to the particular guest's user group. The policies are applied on downstream traffic, helping to ensure that administrators are able to control network resources efficiently.

or you can go to the qos area, select "bronze" for instance and set the numbers as shown here

- http://www.cisco.com/en/US/docs/wireless/controller/4.0/configuration/guide/c40wlan.html#wp1120096

I am not sure if I understood if you wanted for individual users or a class of users [ guest/visitor ]

Dennis,

There is a problem with doing this in a hardware box as you suggest.

If the traffic is being shaped just before entering the wireless controllers it has already been placed on the wire that connects the controller upstream and now there potentially is no room for the traffic you want to get through. QOS is endpoint to endpoint problem.

It is similar to why effective dealing with denial of service attacks require cooperation of your upstream service providers - by the time you have seen it it's too late. You need your upstream link to not send the packets.

I dont think youre understanding the issue. QoS levels determine who gets priority on bandwidth but does nothing to limit a guest user to say a certain throughput thus insuring everyone on the guest network has equal access to the bandwidth. Bandwidth shaping boxes are meant to limit bandwidth consumption and thus equalize the playing field for all users on the guest access. This prohibits a music download from dropping the other users to their knees and is the only real way to both shape the traffic and enforce CALEA requirements.

Dennis,

I did understand the issue - the OP wishes to restrict guestA to x bandwidth, guestB to x bandwidth and guestC to x bandwidth.

Nothing was mentioned that all guests can't aggregately exceed a fixed bandwidth even when there may be no other traffic on the network. He doesn't tell us if he has guest vlan w/anchor controllers .... Lets try the built in tools first , huh ?

So if I follow the instructions as shown in this link .

http://www.cisco.com/en/US/docs/wireless/controller/4.0/configuration/guide/c40wlan.html#wp1120096

And change the per-user Bandwidth Contracts from 0 Kb to x Kb ... it won't limit each user to approximately x Kb on that profile or whatever the OP asked ?

I didn't say the box you suggested wouldn't work - I like FOSS, I just said that the controller itself can do what the OP asked.

Right ??

Now I also understand that even though the OP did not ask about a class of users exceeding a maximum aggregate limit - which the box you mention will do also - so will QOS.

Right ?

Interesting issue: I also ran across this.

I think your concern is the global aggregation on the WLAN.

While you can bw limit every user in the WLAN, if you have a 1000 users it might hurt you.

Two methods I use - QOS on the gust DMZ address blocks.

Also rate limiting the physical controller port for guest users on the switch.

Example:

To apply a rate limit on a Physical Lan switch port.

IP Block 10.11.32.0 thru 10.11.33.254 to 2MEG

Note: You must ENABLE MLS QOS on switch (not on by default)

Switch#sho mls qos

QoS is disabled

QoS ip packet dscp rewrite is enabled

Switch(config)#MLS QOS

Config

!Build IP Match List

ip access-list extended Guest

permit ip 10.211.32.0 0.0.1.255 any

!Build Class Map

class-map match-all Guest-Limit

match access-group name Guest

!Build Policy

policy-map Guest-Policy

description Guest Access 2000 kbps

class Guest-Limit

police 2000000 256000 exceed-action drop

!Apply On Interface

interface G/0/5

desc Guest-Access 20000 Kbps

service-policy input Guest-Policy

service-policy output Guest-Policy

Note: Only LAYER 3 interfaces (no switchport) support OUTbound service policy.

Error Message police command is not supported for this interface

Configuration failed!

Warning: Assigning a policy map to the output side of an interface not supported

It would be nice if there was a global WLAN bandwidth usage setting.

Tim