Do ACLs on WLCs limit throughput

tdennehy
Level 1

My boss wants me to create a WLAN for guests, so I created a VLAN and SSID for them and used a webauth bundle with an accept button. Next I was told the WLAN needs to be limited to DHCP, DNS, HTTP and HTTPS. I created an ACL on the controller and tested it.

My throughput is cut by 66% on 802.11a/b/g access points, but seems to have no effect on the 802.11n access points. My normal download is about 22 mb/s on 802.11g, but with the ACL applied, it dwindles down to 7 mb/s.

Should I be placing the ACL on the 6509 that is the host chassis for the WLC?

Are there any other suggestions?  What is everyone else doing?

Thanks in advance,

Tim

1 Reply

Scott Fella
Hall of Fame

I have only used ACLs on the WLC in a lab environment and removed them when I put it into production. I would never use them in a production environment. Either place your ACLs on your L3 devices or use a FW if guest traffic is either directed out to the DMZ or if you are using guest anchoring. I never did see any throughput drop, but then again never used ACLs in a production network.

http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html

http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00809ba482.shtml

Here is a thread that has some info also:

https://supportforums.cisco.com/message/3005351;jsessionid=7210AE0A26503F13C80A4ACE966D1DCF.node0

-Scott
*** Please rate helpful posts ***
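
Added example, not written by either poster: a sketch of the guest policy from the question (DHCP, DNS, HTTP and HTTPS only) as an IOS extended ACL applied inbound on the guest VLAN's SVI of the upstream L3 switch, which is where the reply suggests filtering. The ACL name `GUEST-WEB-ONLY` and the VLAN number `999` are placeholders, not values from the thread.

```cisco
! Constructed example: guest policy enforced on the L3 switch instead of the WLC.
! GUEST-WEB-ONLY and Vlan999 are placeholder names for illustration.
ip access-list extended GUEST-WEB-ONLY
 remark DHCP requests to the server port (direct from clients or relayed)
 permit udp any any eq bootps
 remark DNS over UDP, plus TCP for large responses
 permit udp any any eq domain
 permit tcp any any eq domain
 remark Web browsing only
 permit tcp any any eq www
 permit tcp any any eq 443
 remark Everything else from the guest VLAN is dropped
 deny   ip any any
!
interface Vlan999
 description Guest WLAN gateway (placeholder VLAN id)
 ip access-group GUEST-WEB-ONLY in
```

This ACL is stateless and filters only traffic entering the SVI from the guest VLAN; replies toward guests are not checked by it. After applying it, `show access-lists GUEST-WEB-ONLY` shows per-entry match counters, which confirm that the final deny is catching the traffic that should be blocked.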