Wireless rate limit

Unanswered Question
Aug 17th, 2010

Hi,


My network infrastructure is as simple as the following:


LAN(edge switches 3560).......>Aggregator switch(3750)........>Firewall(ASA 5510)........>Router.......>Internet



I define 3 wireless VLANs with 3 SSIDs on the Aggregator switch(3750):


1. one SSID for company employees.

2. one SSID for wireless IP phones.

3. one SSID for company guests, who access only the internet.



And the wireless APs are connected directly to the LAN (edge switches) with trunks.


My question is how to apply a rate limit to the SSID for company guests so that they access the internet with a bandwidth of 128 kbps only.


I tried applying a policy map on the aggregator switch (3750) on the VLAN interface, but it is not working.


So, any suggested help, please.

Rollin Kibbe Tue, 08/17/2010 - 07:41

Hi Ahmed:


With autonomous APs, rate limiting isn't possible. All the autonomous APs support is QoS and that's pretty iffy. At the core of the issue, you're dealing with radio waves and which ones arrive at the radio first, and who was prevented from talking because someone else was talking. Dealing with these QoS and traffic shaping/policing issues is really tough with wireless because the transmission medium itself is unreliable.


The "Configuring QoS" chapter of the autonomous AP configuration guide

  http://tools.cisco.com/squish/5aCf1


will show you how you can map priority tagging to an SSID so that in that path from radio receiver to outbound on the fastethernet interface toward the rest of the network, you can control which SSID's packets get up into the network first, but the reverse path is a different story.  Because the wireless medium is half-duplex acknowledged, you can have a high priority packet out there on the radio interface trying to be beamed out to the client, and if the client isn't sending their ACK or what have you, it's going to sit and retry until its 63 retries are done before it gets out of the way to let the next high priority packet have a turn at getting transmitted out.


Once the traffic gets past the edge switch, the fact that it was at one time wireless is irrelevant.  You should look at it as a general "rate limiting one VLAN's traffic over another" and check with the routing protocols or traffic shaping folks.


Sincerely,


Rollin Kibbe

Network Management Systems Team

cdesrochers Thu, 01/13/2011 - 11:19

Is it possible to do rate limiting per SSID by using a Wireless Controller like the 4404?

Stephen Rodriguez Thu, 01/13/2011 - 11:33

Christian,

   Yes, with the WLC you can go in and create bandwidth limitations that are either linked to a user profile, or you can link them to a QoS Profile.



If you link to the QoS Profile, say Bronze, then all you need to do is set the Guest WLAN to be in the Bronze Profile in QoS.  If you want to allow certain users to get more than "x" bandwidth, you would do it to a user profile.



   ******Either way you do this, it only rate limits from the WLC down. ******  It is still possible to saturate a link from the edge to the WLC.  So you may want to do some traffic shaping at the edge.


Cheers,

Steve

Please remember to rate helpful posts

knaseer123 Tue, 09/17/2013 - 01:53

Assalamualaikum WRWB Mr. Ahmed Yassin.


I was also having the same issue,

but I have resolved that by creating a class map and a policy map...

I am having 10Mb of inter link and I have restricted my Guest SSID to 2Mb only.

My setup is:


WLC--->Cisco 4506E Switch--->ASA Firewall---> Router---> Internet

To resolve this you have to create:


Access list

Class-map

Policy-map and

Service-policy


Access List

"ip access-list extended 125
 ! a.b.c.d 255.255.255.x is a placeholder for the guest subnet; IOS ACL entries take a wildcard mask
 10 permit ip any a.b.c.d 255.255.255.x"


Class-map

"class-map match-all Guest_internet_down
 match access-group 125"


Policy-map

"policy-map down
 class Guest_internet_down
  police cir 128000
   conform-action transmit
   exceed-action drop"


Service-Policy

"service-policy input down"

(Note: You have to apply this service policy on the interface which connects to the 3750 switch from the 3560.)


I hope by following the above steps you can get the required result.
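
Added example, not from any poster in this thread: a small Python model of what a single-rate policer such as `police cir 128000` with conform-action transmit and exceed-action drop does per packet. The 8000-byte burst size and both packet traces are constructed assumptions.

```python
class Policer:
    """Single-rate, two-colour token bucket: conform = transmit, exceed = drop."""

    def __init__(self, cir_bps, burst_bytes):
        self.cir_bps = cir_bps          # committed rate in bit/s, e.g. 128000
        self.depth = burst_bytes * 8    # bucket depth in bits (assumed burst size)
        self.tokens = self.depth        # bucket starts full
        self.last_ms = 0

    def offer(self, now_ms, size_bytes):
        """Return True if a packet arriving at now_ms (milliseconds) conforms."""
        # Refill at CIR since the previous packet, capped at the bucket depth.
        refill = (now_ms - self.last_ms) * self.cir_bps // 1000
        self.tokens = min(self.depth, self.tokens + refill)
        self.last_ms = now_ms
        cost = size_bytes * 8
        if cost <= self.tokens:
            self.tokens -= cost
            return True                 # conform-action transmit
        return False                    # exceed-action drop, no tokens consumed


def police_trace(trace, cir_bps=128000, burst_bytes=8000):
    """Run (time_ms, size_bytes) packets through a policer.

    Returns (sent_bytes, dropped_bytes).
    """
    policer = Policer(cir_bps, burst_bytes)
    sent = dropped = 0
    for now_ms, size in trace:
        if policer.offer(now_ms, size):
            sent += size
        else:
            dropped += size
    return sent, dropped


# Constructed traces, 10 seconds of 1500-byte packets each:
# HEAVY offers about 1.2 Mbit/s (one packet every 10 ms),
# LIGHT offers about 96 kbit/s (one packet every 125 ms).
HEAVY = [(i * 10, 1500) for i in range(1000)]
LIGHT = [(i * 125, 1500) for i in range(80)]

if __name__ == "__main__":
    for name, trace in (("heavy", HEAVY), ("light", LIGHT)):
        sent, dropped = police_trace(trace)
        print(f"{name}: passed {sent * 8 / 10 / 1000:.1f} kbit/s, "
              f"dropped {dropped} bytes")
```

The heavy flow is cut to roughly the CIR plus the initial burst, while the flow that stays under 128 kbit/s loses nothing; the drops happen only at the policing point, so the excess traffic has already crossed every link upstream of it.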
