Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
805
Views
3
Helpful
3
Replies

guest wireless access through ASA

aaroncward2
Level 1
Level 1

‎04-13-2010 09:30 AM - edited ‎03-11-2019 10:32 AM

We have an interface on a ASA5520 connected to the internet.  On one of the other interfaces we have the wireless gateway configured for guests to access the internet when needed.  Now employees are using their personal laptops to take advantage of unregulated internet access which has on several occasions saturated the access to the internet to a standstill.  Is there a way to limit the through put by a percentage of the main internet interface or some way to limit their speed?  We only have a 10mg internet pipe.

Labels:
0 Helpful
3 Replies 3

Panos Kampanakis
Cisco Employee
Cisco Employee

‎04-13-2010 03:42 PM

You can police the wireless users traffic based on ip address as explained here

https://supportforums.cisco.com/docs/DOC-1230#Traffic_Policing_with_Prioritization

They will still be contending but they will be contending between each other about the bandwidth you have given them and they will not oversubscribe your wired users if you give them less than 10Mbps.

You cannot limit bandwidth per user though, you can limit connections per user using Modular Policy Framework, but not actual speed.

I hope it helps.

PK

aaroncward2
Level 1
Level 1
In response to Panos Kampanakis

‎04-14-2010 09:46 AM

I guess i need to spend some time on MPF. I have the service policy: global policy but can i add other policy maps without interfering the global policy? And could this policy be set on the wireless interface?

0 Helpful

Panos Kampanakis
Cisco Employee
Cisco Employee
In response to aaroncward2

‎04-14-2010 10:04 AM

Yes you can apply a policy on a per interface basis

ASA(config)# access list CONNS-ACL extended permit ip any 10.1.1.1 255.255.255.255
ASA(config)# class-map CONNS-MAP
ASA(config-cmap)# match access-list CONNS-ACL

ASA(config)# policy-map CONNS-POLICY

ASA(config-pmap)# class CONNS-MAP
ASA(config-pmap-c)# set connection {[conn-max n] [embryonic-conn-max n] [per-client-embryonic-max n] [per-client-max n] [random-sequence-number {enable | disable}]}

ASA(config)# service-policy CONNS-POLICY {global | interface interface_name}

Note that you are limiting the connection number not the actual bandwidth with the "per-client-max" option.

PK

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card