Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How do I do this?

Hi all

My home network consists of two SSIDS, a Home SSID and a Guest SSID.

I have service policy maps applied to both SSIDs to restrict the bandwidth usage.

The Guest SSID is not being used that often in the house, which results in bandwidth being wasted.

What I would like to accomplish is the following:

1. The ability to give Home SSID full bandwidth when there are no guests connected to the Guest SSID.

2. When Guest SSID detects a host or multiple hosts, the Home SSID should give the bandwidth back to the Guest SSID.

For example...

On a 64kbps link, the home ssid is assigned 32kbps and the guest ssid is assigned 32kbps respectively.

When there are no guest machines connected to the guest ssid, the Home ssid network should get the full 64kbps.

If one guest or multiple guests are connected to the guest ssid, then the home ssid should revert back to 32kbps automatically.

I know how to do this if there is only one guest host on the network. I can match the connection patterns in the syslog by looking at the association and deassociation messages. However, this solution would no longer be feasible if there are multiple guest hosts on the guest ssid.

Any suggestions on how to accomplish this?

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: How do I do this?

Just to be clear, try:

event manager applet guest-bandwidth

event tag assoc syslog pattern "DOT11-6-ASSOC"

event tag disassoc syslog pattern "DOT11-6-DISASSOC"

trigger

correlate event assoc or event disassoc

action 001 cli command "enable"

action 002 cli command "show dot11 as"

action 003 set reading_guest "0"

action 004 set found_guest "0"

action 005 foreach line "$_cli_result" "\n"

action 005.1 string trim "$line"

action 005.2 set line "$_string_result"

action 006 regexp "SSID .Guest.*:" "$line"

action 007 if $_regexp_result eq 1

action 008 set reading_guest "1"

action 009 continue

action 010 end

action 011 if $reading_guest eq 1

action 012 regexp "SSID.*:" "$line"

action 013 if $_regexp_result eq 1 goto 023

action 016 regexp "MAC Address" "$line"

action 017 if $_regexp_result eq 1

action 018 set found_guest "1"

action 020 end

action 021 end

action 022 end

action 023 if $found_guest eq 1

action 024 cli command "config t"

action 025 cli command "policy-map QoS_In_BVI1"

action 026 cli command "class class-default"

action 027 cli command "police 462000"

action 028 cli command "exit"

action 029 cli command "policy-map QoS_Out_BVI1"

action 030 cli command "class class-default"

action 031 cli command "police 4550000"

action 032 cli command "end"

action 033 syslog msg "Found guest(s) associated; adding bandwidth"

action 034 else

action 035 cli command "config t"

action 036 cli command "policy-map QoS_In_BVI1"

action 037 cli command "class class-default"

action 038 cli command "police 612000"

action 039 cli command "exit"

action 040 cli command "policy-map QoS_Out_BVI1"

action 041 cli command "class class-default"

action 042 cli command "police 5050000"

action 043 cli command "end"

action 044 syslog msg "No guests associated; removing bandwidth"

action 045 end

21 REPLIES
Cisco Employee

Re: How do I do this?

This is easily doable with an EEM policy. What version of IOS will you be running? Post the output of the command you will use to determine if someone is associated.

New Member

Re: How do I do this?

Hi

Thanks for your fast reply.

I am currently running on IOS 12.4.22.T2 to take advantage of the new EEM 3.0 features.

I run "show dot11 as" to see the ssid client associations.

Thanks

Cisco Employee

Re: How do I do this?

Please post the output of that command when you have a client associated, and when you don't. This may be doable with an EEM applet if you're using EEM 3.0.

New Member

Re: How do I do this?

Hi

Here is the output:

Cisco871W#show dot11 as

802.11 Client Stations on Dot11Radio0:

SSID [Guest] :

MAC Address IP address Device Name Parent State

0021.5c39.6c73 10.0.165.2 unknown - self Assoc

SSID [Home] :

Cisco871W#show dot11 as

802.11 Client Stations on Dot11Radio0:

SSID [Guest] :

SSID [Home] :

MAC Address IP address Device Name Parent State

0021.5c39.6c73 192.168.165.4 unknown - self Assoc

Cisco871W#exit

Thanks

Cisco Employee

Re: How do I do this?

Great. What commands would you like to run to grant the guest VLAN bandwidth, then take that bandwidth away?

New Member

Re: How do I do this?

To take the bandwidth away, I would simply add the guest bandwidth to the existing home policy-map:

This is my current configuration:

!

policy-map QoS_In_BVI2

class class-default

police 150000

policy-map QoS_In_BVI1

class Restrict_P2P_Bandwidth

police 8000

class class-default

police 462000

policy-map QoS_Out_BVI2

class class-default

police rate 500000

policy-map QoS_Out_BVI1

class class-default

police 4550000

!

If there is no guest hosts, the eem should implement the following command automatically:

action 1.0 cli command "enable"

action 1.1 cli command "conf t"

action 1.2 cli command "policy-map QoS_In_BVI1"

action 1.3 cli command "class class-default"

action 1.4 cli command "police 612000"

action 1.5 cli command "exit"

action 1.6 cli command "policy-map QoS_Out_BVI1"

action 1.7 cli command "class class-default"

action 1.8 cli command "police 5050000"

action 1.9 cli command "end"

If there is are guest hosts, then the eem should implement the following according to the original configuration:

action 1.0 cli command "enable"

action 1.1 cli command "conf t"

action 1.2 cli command "policy-map QoS_In_BVI1"

action 1.3 cli command "class class-default"

action 1.4 cli command "police 462000"

action 1.5 cli command "exit"

action 1.6 cli command "policy-map QoS_Out_BVI1"

action 1.7 cli command "class class-default"

action 1.8 cli command "police 4550000"

action 1.9 cli command "end"

Thanks!

Cisco Employee

Re: How do I do this?

This is untested, but I think it should work. If not, post any errors, and I will tweak it as needed:

event manager applet guest-bandwidth

event tag assoc syslog pattern "DOT11-6-ASSOC"

event tag disassoc syslog pattern "DOT11-6-DISASSOC"

trigger

correlate event assoc or event disassoc

action 001 cli command "enable"

action 002 cli command "show dot11 as"

action 003 set reading_guest "0"

action 004 set found_guest "0"

action 005 foreach line "$_cli_result" "\n"

action 006 regexp "SSID .Guest.*" "$line"

action 007 if $_regexp_result eq 1

action 008 set reading_guest "1"

action 009 continue

action 010 end

action 011 if $reading_guest eq 1

action 012 regexp "SSID.*:" "$line"

action 013 if $_regexp_result eq 1

action 014 break

action 015 end

action 016 regexp "MAC Address" "$line"

action 017 if $_regexp_result eq 1

action 018 set found_guest "1"

action 019 break

action 020 end

action 021 end

action 022 end

action 023 if $found_guest eq 1

action 024 cli command "config t"

action 025 cli command "policy-map QoS_In_BVI1"

action 026 cli command "class class-default"

action 027 cli command "police 462000"

action 028 cli command "exit"

action 029 cli command "policy-map QoS_Out_BVI1"

action 030 cli command "class class-default"

action 031 cli command "police 4550000"

action 032 cli command "end"

action 033 syslog msg "Found guest(s) associated; adding bandwidth"

action 034 else

action 035 cli command "config t"

action 036 cli command "policy-map QoS_In_BVI1"

action 037 cli command "class class-default"

action 038 cli command "police 612000"

action 039 cli command "exit"

action 040 cli command "policy-map QoS_Out_BVI1"

action 041 cli command "class class-default"

action 042 cli command "police 5050000"

action 043 cli command "end"

action 044 syslog msg "No guests associated; removing bandwidth"

action 045 end

New Member

Re: How do I do this?

wow ! this is fantastic. let me test it right now, will report back in 5 minutes.

Cisco Employee

Re: How do I do this?

Once you've verified this is working, you'll want to add a timer component to this as well. All of the actions will remain the same, but at the top, you'll want to do:

event manager applet guest-bandwidth

event tag assoc syslog pattern "DOT11-6-ASSOC"

event tag disassoc syslog pattern "DOT11-6-DISASSOC"

event tag timer timer countdown time 60

trigger

correlate event assoc or event disassoc or event timer

This will run the policy 60 seconds after the router reboots just to clear out any leftover cruft.

New Member

Re: How do I do this?

Hi

The eem gets triggered when I join/leave the Guest SSID. However, the bandwidth remains unchanged.

Weird. Any ideas?

edit: let me run some debug for eem, i will see what i can find and post back the results.

Cisco Employee

Re: How do I do this?

What output do you get in show logg?

New Member

Re: How do I do this?

it just shows the usual association and deassociation in the show log.

attached the show log output to this message

New Member

Re: How do I do this?

the debug results are in...

it got stuck after "show dot11 as" is executed in EEM.

please see attached.

thanks!

Cisco Employee

Re: How do I do this?

I found what looks like a bug when using "break" in applets. Try this version:

event manager applet guest-bandwidth

event none

action 001 cli command "enable"

action 002 cli command "more disk1:/dot11_as.txt"

action 003 set reading_guest "0"

action 004 set found_guest "0"

action 005 foreach line "$_cli_result" "\n"

action 005.1 string trim $line

action 005.2 set line $_string_result

action 006 regexp "SSID .Guest.*:" "$line"

action 007 if $_regexp_result eq 1

action 008 set reading_guest "1"

action 009 continue

action 010 end

action 011 if $reading_guest eq 1

action 012 regexp "SSID.*:" "$line"

action 013 if $_regexp_result eq 1 goto 023

action 016 regexp "MAC Address" "$line"

action 017 if $_regexp_result eq 1

action 018 set found_guest "1"

action 020 end

action 021 end

action 022 end

action 023 if $found_guest eq 1

action 024 cli command "config t"

action 025 cli command "policy-map QoS_In_BVI1"

action 026 cli command "class class-default"

action 027 cli command "police 462000"

action 028 cli command "exit"

action 029 cli command "policy-map QoS_Out_BVI1"

action 030 cli command "class class-default"

action 031 cli command "police 4550000"

action 032 cli command "end"

action 033 syslog msg "Found guest(s) associated; adding bandwidth"

action 034 else

action 035 cli command "config t"

action 036 cli command "policy-map QoS_In_BVI1"

action 037 cli command "class class-default"

action 038 cli command "police 612000"

action 039 cli command "exit"

action 040 cli command "policy-map QoS_Out_BVI1"

action 041 cli command "class class-default"

action 042 cli command "police 5050000"

action 043 cli command "end"

action 044 syslog msg "No guests associated; removing bandwidth"

action 045 end

New Member

Re: How do I do this?

almost there..it's working "halfy"

now it sets the bandwidth to full in both upstream and downstream (5050000 and 612000) when these two conditions are met:

1. guest joining the guest ssid

2. guest leaving the guest ssid

here is what i have:

event manager applet guest-bandwidth

event tag assoc syslog pattern "DOT11-6-ASSOC"

event tag disassoc syslog pattern "DOT11-6-DISASSOC"

trigger

correlate event assoc or event disassoc

action 001 cli command "enable"

action 002 cli command "more flash:/dot11_as.txt"

action 003 set reading_guest "0"

action 004 set found_guest "0"

action 005 foreach line "$_cli_result" "\n"

action 005.1 string trim "$line"

action 005.2 set line "$_string_result"

action 006 regexp "SSID .Guest.*:" "$line"

action 007 if $_regexp_result eq 1

action 008 set reading_guest "1"

action 009 continue

action 010 end

action 011 if $reading_guest eq 1

action 012 regexp "SSID.*:" "$line"

action 013 if $_regexp_result eq 1 goto 023

action 016 regexp "MAC Address" "$line"

action 017 if $_regexp_result eq 1

action 018 set found_guest "1"

action 020 end

action 021 end

action 022 end

action 023 if $found_guest eq 1

action 024 cli command "config t"

action 025 cli command "policy-map QoS_In_BVI1"

action 026 cli command "class class-default"

action 027 cli command "police 462000"

action 028 cli command "exit"

action 029 cli command "policy-map QoS_Out_BVI1"

action 030 cli command "class class-default"

action 031 cli command "police 4550000"

action 032 cli command "end"

action 033 syslog msg "Found guest(s) associated; adding bandwidth"

action 034 else

action 035 cli command "config t"

action 036 cli command "policy-map QoS_In_BVI1"

action 037 cli command "class class-default"

action 038 cli command "police 612000"

action 039 cli command "exit"

action 040 cli command "policy-map QoS_Out_BVI1"

action 041 cli command "class class-default"

action 042 cli command "police 5050000"

action 043 cli command "end"

action 044 syslog msg "No guests associated; removing bandwidth"

action 045 end

!

thanks a lot :)

Cisco Employee

Re: How do I do this?

Grr, I pasted my test version. You need to change action 002 to:

action 002 cli command "show dot11 as"

Cisco Employee

Re: How do I do this?

Just to be clear, try:

event manager applet guest-bandwidth

event tag assoc syslog pattern "DOT11-6-ASSOC"

event tag disassoc syslog pattern "DOT11-6-DISASSOC"

trigger

correlate event assoc or event disassoc

action 001 cli command "enable"

action 002 cli command "show dot11 as"

action 003 set reading_guest "0"

action 004 set found_guest "0"

action 005 foreach line "$_cli_result" "\n"

action 005.1 string trim "$line"

action 005.2 set line "$_string_result"

action 006 regexp "SSID .Guest.*:" "$line"

action 007 if $_regexp_result eq 1

action 008 set reading_guest "1"

action 009 continue

action 010 end

action 011 if $reading_guest eq 1

action 012 regexp "SSID.*:" "$line"

action 013 if $_regexp_result eq 1 goto 023

action 016 regexp "MAC Address" "$line"

action 017 if $_regexp_result eq 1

action 018 set found_guest "1"

action 020 end

action 021 end

action 022 end

action 023 if $found_guest eq 1

action 024 cli command "config t"

action 025 cli command "policy-map QoS_In_BVI1"

action 026 cli command "class class-default"

action 027 cli command "police 462000"

action 028 cli command "exit"

action 029 cli command "policy-map QoS_Out_BVI1"

action 030 cli command "class class-default"

action 031 cli command "police 4550000"

action 032 cli command "end"

action 033 syslog msg "Found guest(s) associated; adding bandwidth"

action 034 else

action 035 cli command "config t"

action 036 cli command "policy-map QoS_In_BVI1"

action 037 cli command "class class-default"

action 038 cli command "police 612000"

action 039 cli command "exit"

action 040 cli command "policy-map QoS_Out_BVI1"

action 041 cli command "class class-default"

action 042 cli command "police 5050000"

action 043 cli command "end"

action 044 syslog msg "No guests associated; removing bandwidth"

action 045 end

New Member

Re: How do I do this?

YES!!! It's working!! Thank you thank you!!!!

I assume the 60 seconds statement still applies to this new config, correct?

Thank you so much! i am very grateful for your assistance :)

Cisco Employee

Re: How do I do this?

Yes, you will want to add the 60 second countdown timer to prevent problems if the router reboots while a guest is still logged in.

New Member

Re: How do I do this?

okay, will do.

Thanks again :)

New Member

Re: How do I do this?

duplicate

218
Views
0
Helpful
21
Replies