Do ACLs on WLCs limit throughput

Mar 7th, 2010

My boss wants me to create a WLAN for guests, so I created a VLAN and SSID for them and used a webauth bundle with an accept button. Next I was told the WLAN needs to be limited to DHCP, DNS, HTTP and HTTPS. I created an ACL on the controller and tested it.

My throughput is cut by 66% on 802.11a/b/g access points, but seems to have no effect on the 802.11n access points. My normal download is about 22 mb/s on 802.11g, but with the ACL applied, it dwindles down to 7 mb/s.

Should I be placing the ACL on the 6509 that is the host chassis for the WLC?

Are there any other suggestions?  What is everyone else doing?

Thanks in advance,

Tim

Scott Fella Sun, 03/07/2010 - 08:01

I have only used ACLs on the WLC in a lab environment and removed them when I put it into production. I would never use them in a production environment. Either place your ACLs on your L3 devices or use a FW if guest traffic is either directed out to the DMZ or if you are using guest anchoring. I never did see any throughput drop, but then again I never used ACLs in a production network.

http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html

http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00809ba482.shtml

Here is a thread that has some info also:

https://supportforums.cisco.com/message/3005351;jsessionid=7210AE0A26503F13C80A4ACE966D1DCF.node0
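
Added example, not part of either post above: one way the guest restriction from the question (DHCP, DNS, HTTP and HTTPS only) could be expressed as an IOS extended ACL on the guest VLAN's L3 interface instead of on the WLC. The ACL name, VLAN 100 and the resolver address 192.0.2.53 are placeholders, and the example assumes the guest SVI lives on the L3 switch.

```ios
! Added example: the ACL name, VLAN ID and resolver address are placeholders.
ip access-list extended GUEST-WEB-ONLY
 remark DHCP: client port 68 to server/relay port 67 (broadcast and unicast renewals)
 permit udp any eq bootpc any eq bootps
 remark DNS: only to the resolver handed out by DHCP (placeholder address)
 permit udp any host 192.0.2.53 eq domain
 permit tcp any host 192.0.2.53 eq domain
 remark Web traffic
 permit tcp any any eq www
 permit tcp any any eq 443
 remark Everything else is dropped and logged
 deny ip any any log
!
interface Vlan100
 description Guest WLAN (placeholder VLAN ID)
 ip access-group GUEST-WEB-ONLY in
```

Entries with `log` are typically handled by the switch CPU rather than in hardware, so drop the keyword from the final deny if guest clients generate a high volume of denied traffic.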
