How do I do this?

Answered Question
Aug 11th, 2009

Hi all

My home network consists of two SSIDS, a Home SSID and a Guest SSID.

I have service policy maps applied to both SSIDs to restrict the bandwidth usage.

The Guest SSID is not being used that often in the house, which results in bandwidth being wasted.

What I would like to accomplish is the following:

1. The ability to give Home SSID full bandwidth when there are no guests connected to the Guest SSID.

2. When Guest SSID detects a host or multiple hosts, the Home SSID should give the bandwidth back to the Guest SSID.

For example...

On a 64kbps link, the home ssid is assigned 32kbps and the guest ssid is assigned 32kbps respectively.

When there are no guest machines connected to the guest ssid, the Home ssid network should get the full 64kbps.

If one guest or multiple guests are connected to the guest ssid, then the home ssid should revert back to 32kbps automatically.

I know how to do this if there is only one guest host on the network. I can match the connection patterns in the syslog by looking at the association and deassociation messages. However, this solution would no longer be feasible if there are multiple guest hosts on the guest ssid.

Any suggestions on how to accomplish this?

Thanks

I have this problem too.
0 votes
Correct Answer by Joe Clarke about 7 years 5 months ago

Just to be clear, try:

event manager applet guest-bandwidth

event tag assoc syslog pattern "DOT11-6-ASSOC"

event tag disassoc syslog pattern "DOT11-6-DISASSOC"

trigger

correlate event assoc or event disassoc

action 001 cli command "enable"

action 002 cli command "show dot11 as"

action 003 set reading_guest "0"

action 004 set found_guest "0"

action 005 foreach line "$_cli_result" "\n"

action 005.1 string trim "$line"

action 005.2 set line "$_string_result"

action 006 regexp "SSID .Guest.*:" "$line"

action 007 if $_regexp_result eq 1

action 008 set reading_guest "1"

action 009 continue

action 010 end

action 011 if $reading_guest eq 1

action 012 regexp "SSID.*:" "$line"

action 013 if $_regexp_result eq 1 goto 023

action 016 regexp "MAC Address" "$line"

action 017 if $_regexp_result eq 1

action 018 set found_guest "1"

action 020 end

action 021 end

action 022 end

action 023 if $found_guest eq 1

action 024 cli command "config t"

action 025 cli command "policy-map QoS_In_BVI1"

action 026 cli command "class class-default"

action 027 cli command "police 462000"

action 028 cli command "exit"

action 029 cli command "policy-map QoS_Out_BVI1"

action 030 cli command "class class-default"

action 031 cli command "police 4550000"

action 032 cli command "end"

action 033 syslog msg "Found guest(s) associated; adding bandwidth"

action 034 else

action 035 cli command "config t"

action 036 cli command "policy-map QoS_In_BVI1"

action 037 cli command "class class-default"

action 038 cli command "police 612000"

action 039 cli command "exit"

action 040 cli command "policy-map QoS_Out_BVI1"

action 041 cli command "class class-default"

action 042 cli command "police 5050000"

action 043 cli command "end"

action 044 syslog msg "No guests associated; removing bandwidth"

action 045 end

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Joe Clarke Tue, 08/11/2009 - 20:10

This is easily doable with an EEM policy. What version of IOS will you be running? Post the output of the command you will use to determine if someone is associated.

ryanlin2002 Tue, 08/11/2009 - 20:13

Hi

Thanks for your fast reply.

I am currently running on IOS 12.4.22.T2 to take advantage of the new EEM 3.0 features.

I run "show dot11 as" to see the ssid client associations.

Thanks

Joe Clarke Tue, 08/11/2009 - 20:15

Please post the output of that command when you have a client associated, and when you don't. This may be doable with an EEM applet if you're using EEM 3.0.

ryanlin2002 Tue, 08/11/2009 - 20:20

Hi

Here is the output:

Cisco871W#show dot11 as

802.11 Client Stations on Dot11Radio0:

SSID [Guest] :

MAC Address IP address Device Name Parent State

0021.5c39.6c73 10.0.165.2 unknown - self Assoc

SSID [Home] :

Cisco871W#show dot11 as

802.11 Client Stations on Dot11Radio0:

SSID [Guest] :

SSID [Home] :

MAC Address IP address Device Name Parent State

0021.5c39.6c73 192.168.165.4 unknown - self Assoc

Cisco871W#exit

Thanks

Joe Clarke Tue, 08/11/2009 - 20:21

Great. What commands would you like to run to grant the guest VLAN bandwidth, then take that bandwidth away?

ryanlin2002 Tue, 08/11/2009 - 20:35

To take the bandwidth away, I would simply add the guest bandwidth to the existing home policy-map:

This is my current configuration:

!

policy-map QoS_In_BVI2

class class-default

police 150000

policy-map QoS_In_BVI1

class Restrict_P2P_Bandwidth

police 8000

class class-default

police 462000

policy-map QoS_Out_BVI2

class class-default

police rate 500000

policy-map QoS_Out_BVI1

class class-default

police 4550000

!

If there is no guest hosts, the eem should implement the following command automatically:

action 1.0 cli command "enable"

action 1.1 cli command "conf t"

action 1.2 cli command "policy-map QoS_In_BVI1"

action 1.3 cli command "class class-default"

action 1.4 cli command "police 612000"

action 1.5 cli command "exit"

action 1.6 cli command "policy-map QoS_Out_BVI1"

action 1.7 cli command "class class-default"

action 1.8 cli command "police 5050000"

action 1.9 cli command "end"

If there is are guest hosts, then the eem should implement the following according to the original configuration:

action 1.0 cli command "enable"

action 1.1 cli command "conf t"

action 1.2 cli command "policy-map QoS_In_BVI1"

action 1.3 cli command "class class-default"

action 1.4 cli command "police 462000"

action 1.5 cli command "exit"

action 1.6 cli command "policy-map QoS_Out_BVI1"

action 1.7 cli command "class class-default"

action 1.8 cli command "police 4550000"

action 1.9 cli command "end"

Thanks!

Joe Clarke Tue, 08/11/2009 - 20:56

This is untested, but I think it should work. If not, post any errors, and I will tweak it as needed:

event manager applet guest-bandwidth

event tag assoc syslog pattern "DOT11-6-ASSOC"

event tag disassoc syslog pattern "DOT11-6-DISASSOC"

trigger

correlate event assoc or event disassoc

action 001 cli command "enable"

action 002 cli command "show dot11 as"

action 003 set reading_guest "0"

action 004 set found_guest "0"

action 005 foreach line "$_cli_result" "\n"

action 006 regexp "SSID .Guest.*" "$line"

action 007 if $_regexp_result eq 1

action 008 set reading_guest "1"

action 009 continue

action 010 end

action 011 if $reading_guest eq 1

action 012 regexp "SSID.*:" "$line"

action 013 if $_regexp_result eq 1

action 014 break

action 015 end

action 016 regexp "MAC Address" "$line"

action 017 if $_regexp_result eq 1

action 018 set found_guest "1"

action 019 break

action 020 end

action 021 end

action 022 end

action 023 if $found_guest eq 1

action 024 cli command "config t"

action 025 cli command "policy-map QoS_In_BVI1"

action 026 cli command "class class-default"

action 027 cli command "police 462000"

action 028 cli command "exit"

action 029 cli command "policy-map QoS_Out_BVI1"

action 030 cli command "class class-default"

action 031 cli command "police 4550000"

action 032 cli command "end"

action 033 syslog msg "Found guest(s) associated; adding bandwidth"

action 034 else

action 035 cli command "config t"

action 036 cli command "policy-map QoS_In_BVI1"

action 037 cli command "class class-default"

action 038 cli command "police 612000"

action 039 cli command "exit"

action 040 cli command "policy-map QoS_Out_BVI1"

action 041 cli command "class class-default"

action 042 cli command "police 5050000"

action 043 cli command "end"

action 044 syslog msg "No guests associated; removing bandwidth"

action 045 end

ryanlin2002 Tue, 08/11/2009 - 21:27

wow ! this is fantastic. let me test it right now, will report back in 5 minutes.

Joe Clarke Tue, 08/11/2009 - 21:34

Once you've verified this is working, you'll want to add a timer component to this as well. All of the actions will remain the same, but at the top, you'll want to do:

event manager applet guest-bandwidth

event tag assoc syslog pattern "DOT11-6-ASSOC"

event tag disassoc syslog pattern "DOT11-6-DISASSOC"

event tag timer timer countdown time 60

trigger

correlate event assoc or event disassoc or event timer

This will run the policy 60 seconds after the router reboots just to clear out any leftover cruft.

ryanlin2002 Tue, 08/11/2009 - 21:45

Hi

The eem gets triggered when I join/leave the Guest SSID. However, the bandwidth remains unchanged.

Weird. Any ideas?

edit: let me run some debug for eem, i will see what i can find and post back the results.

Joe Clarke Tue, 08/11/2009 - 23:11

I found what looks like a bug when using "break" in applets. Try this version:

event manager applet guest-bandwidth

event none

action 001 cli command "enable"

action 002 cli command "more disk1:/dot11_as.txt"

action 003 set reading_guest "0"

action 004 set found_guest "0"

action 005 foreach line "$_cli_result" "\n"

action 005.1 string trim $line

action 005.2 set line $_string_result

action 006 regexp "SSID .Guest.*:" "$line"

action 007 if $_regexp_result eq 1

action 008 set reading_guest "1"

action 009 continue

action 010 end

action 011 if $reading_guest eq 1

action 012 regexp "SSID.*:" "$line"

action 013 if $_regexp_result eq 1 goto 023

action 016 regexp "MAC Address" "$line"

action 017 if $_regexp_result eq 1

action 018 set found_guest "1"

action 020 end

action 021 end

action 022 end

action 023 if $found_guest eq 1

action 024 cli command "config t"

action 025 cli command "policy-map QoS_In_BVI1"

action 026 cli command "class class-default"

action 027 cli command "police 462000"

action 028 cli command "exit"

action 029 cli command "policy-map QoS_Out_BVI1"

action 030 cli command "class class-default"

action 031 cli command "police 4550000"

action 032 cli command "end"

action 033 syslog msg "Found guest(s) associated; adding bandwidth"

action 034 else

action 035 cli command "config t"

action 036 cli command "policy-map QoS_In_BVI1"

action 037 cli command "class class-default"

action 038 cli command "police 612000"

action 039 cli command "exit"

action 040 cli command "policy-map QoS_Out_BVI1"

action 041 cli command "class class-default"

action 042 cli command "police 5050000"

action 043 cli command "end"

action 044 syslog msg "No guests associated; removing bandwidth"

action 045 end

ryanlin2002 Tue, 08/11/2009 - 23:39

almost there..it's working "halfy"

now it sets the bandwidth to full in both upstream and downstream (5050000 and 612000) when these two conditions are met:

1. guest joining the guest ssid

2. guest leaving the guest ssid

here is what i have:

event manager applet guest-bandwidth

event tag assoc syslog pattern "DOT11-6-ASSOC"

event tag disassoc syslog pattern "DOT11-6-DISASSOC"

trigger

correlate event assoc or event disassoc

action 001 cli command "enable"

action 002 cli command "more flash:/dot11_as.txt"

action 003 set reading_guest "0"

action 004 set found_guest "0"

action 005 foreach line "$_cli_result" "\n"

action 005.1 string trim "$line"

action 005.2 set line "$_string_result"

action 006 regexp "SSID .Guest.*:" "$line"

action 007 if $_regexp_result eq 1

action 008 set reading_guest "1"

action 009 continue

action 010 end

action 011 if $reading_guest eq 1

action 012 regexp "SSID.*:" "$line"

action 013 if $_regexp_result eq 1 goto 023

action 016 regexp "MAC Address" "$line"

action 017 if $_regexp_result eq 1

action 018 set found_guest "1"

action 020 end

action 021 end

action 022 end

action 023 if $found_guest eq 1

action 024 cli command "config t"

action 025 cli command "policy-map QoS_In_BVI1"

action 026 cli command "class class-default"

action 027 cli command "police 462000"

action 028 cli command "exit"

action 029 cli command "policy-map QoS_Out_BVI1"

action 030 cli command "class class-default"

action 031 cli command "police 4550000"

action 032 cli command "end"

action 033 syslog msg "Found guest(s) associated; adding bandwidth"

action 034 else

action 035 cli command "config t"

action 036 cli command "policy-map QoS_In_BVI1"

action 037 cli command "class class-default"

action 038 cli command "police 612000"

action 039 cli command "exit"

action 040 cli command "policy-map QoS_Out_BVI1"

action 041 cli command "class class-default"

action 042 cli command "police 5050000"

action 043 cli command "end"

action 044 syslog msg "No guests associated; removing bandwidth"

action 045 end

!

thanks a lot :)

Joe Clarke Tue, 08/11/2009 - 23:47

Grr, I pasted my test version. You need to change action 002 to:

action 002 cli command "show dot11 as"

Correct Answer
Joe Clarke Tue, 08/11/2009 - 23:48

Just to be clear, try:

event manager applet guest-bandwidth

event tag assoc syslog pattern "DOT11-6-ASSOC"

event tag disassoc syslog pattern "DOT11-6-DISASSOC"

trigger

correlate event assoc or event disassoc

action 001 cli command "enable"

action 002 cli command "show dot11 as"

action 003 set reading_guest "0"

action 004 set found_guest "0"

action 005 foreach line "$_cli_result" "\n"

action 005.1 string trim "$line"

action 005.2 set line "$_string_result"

action 006 regexp "SSID .Guest.*:" "$line"

action 007 if $_regexp_result eq 1

action 008 set reading_guest "1"

action 009 continue

action 010 end

action 011 if $reading_guest eq 1

action 012 regexp "SSID.*:" "$line"

action 013 if $_regexp_result eq 1 goto 023

action 016 regexp "MAC Address" "$line"

action 017 if $_regexp_result eq 1

action 018 set found_guest "1"

action 020 end

action 021 end

action 022 end

action 023 if $found_guest eq 1

action 024 cli command "config t"

action 025 cli command "policy-map QoS_In_BVI1"

action 026 cli command "class class-default"

action 027 cli command "police 462000"

action 028 cli command "exit"

action 029 cli command "policy-map QoS_Out_BVI1"

action 030 cli command "class class-default"

action 031 cli command "police 4550000"

action 032 cli command "end"

action 033 syslog msg "Found guest(s) associated; adding bandwidth"

action 034 else

action 035 cli command "config t"

action 036 cli command "policy-map QoS_In_BVI1"

action 037 cli command "class class-default"

action 038 cli command "police 612000"

action 039 cli command "exit"

action 040 cli command "policy-map QoS_Out_BVI1"

action 041 cli command "class class-default"

action 042 cli command "police 5050000"

action 043 cli command "end"

action 044 syslog msg "No guests associated; removing bandwidth"

action 045 end

ryanlin2002 Tue, 08/11/2009 - 23:54

YES!!! It's working!! Thank you thank you!!!!

I assume the 60 seconds statement still applies to this new config, correct?

Thank you so much! i am very grateful for your assistance :)

Joe Clarke Tue, 08/11/2009 - 23:55

Yes, you will want to add the 60 second countdown timer to prevent problems if the router reboots while a guest is still logged in.

Actions

This Discussion