Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

WLC user rate limit on guest ssid anchor controller


I have been looking through the forums & some cisco documents but not found a good example similar to what I am seeking to do so now I am turning to the expertise of my peers.

We have been deploying 3502 APs remotely to locations with full T1s that backhaul to where I sit at HQ.

Both the foreign and anchor controller are here at my location.

I am seeking to rate limit per user the bandwidth each client will get on the guest internet ssid.

As you know this traffic is encapsulated in capwap between the AP and the controller so I cant use a standard ACL on the switch or router.

We are trying to keep the guest internet access usage in check on the T1 at any given site so the other ssid's & local lan traffic is not overly competing for the bandwidth.

I found the place to edit the default profiles in the controller but the documentation really isnt clear on best practices.

So I put it to you my fellow wireless engineers to suggest how you are implementing bandwidth management on your wireless guest internet.

Thanks guys!           


Oh and here is my hardware & software levels.

5508wlc - forgeign

4402wlc - anchor

Software Version7.0.230.0

WLC user rate limit on guest ssid anchor controller

Hi Mike,

You can try using the QoS role to limit the bandwidth of guest clients:



Rating useful replies is more useful than saying "Thank you"
New Member

Re: WLC user rate limit on guest ssid anchor controller


Thank you for taking the time to respond as well as the document link.

It was pretty clear on the steps and what it would impact.

Two things that push me for a different solution (assuming their is one).

Note The values that you configure for the per-user bandwidth contracts affect only the amount of bandwidth going downstream (from the access point to the wireless client). They do not affect the bandwidth for upstream traffic (from the client to the access point).

As you can see from the above note taken out of the linked document the roll based rate limit doesnt really rate limit the T1 traffic any guest user consumes it only limits usage from the AP down to the client.

#1 I am looking for a solution that limits the users up & down streams (if possible) & also before it leaves the AP for the T1.

The idea is to limit WAN utilization.

#2 I read in the forums here others asking about the "user role" and saw some comments saying it is not considered "best practice" to use user roles.

Let me clarify that our guest ssid's are using the http webpage pass through for authentication and it is really only the tic mark to indicate they understand the terms and conditions of using our internet as a guest service. No actual user accounts are used on the guest ssid's.

***One last question about this and any other changes***

Will any change I make be on the "Foreign, Anchor" or both Controllers?

Cisco Employee

WLC user rate limit on guest ssid anchor controller

Uplink is controlled by AP/WLC while Downlink is controlled by WLC.

Currently, WLC supports throttling one way i.e, downlink only. uplink traffic from wireless client to WLC can't be throttled however traffic leaving WLC for the wireless user can.

Will any change I make be on the "Foreign, Anchor" or both Controllers?

I'd apply on both WLCs.

you could either use WLAN(see below) or per user bandwidth contract. however per user contract can't be used if pass through is used.

On built in profile name - bronze/silver configure the parameters and use it on guest WLAN. This way guest ssid could only have limited downlink bandwidth that can be used with pass through.

CreatePlease to create content