Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Do ACLs on WLCs limit throughput

My boss wants me to create a WLAN for guests, so I created and VLAN and SSID for them and used a webauth bundle with an accept button.  Next I was told the WLAN needs to be limited to DHCP, DNS, HTTP and HTTPS.  I created an ACL on the controller and tested it.

My throughput is cut by 66% on 802.11a/b/g access points, but seems to have no effect on the 802.11n access points.  My normal download is about 22 mb/s on 802.11g, but with ACL applied, it dwindles down to 7mb/s.

Should I be placing the ACL on the 6509 that is the host chassis for the WLC?

Are there any other suggestions?  What is everyone else doing?

Thanks in advance,

Tim

1 REPLY
Hall of Fame Super Silver

Re: Do ACLs on WLCs limit throughput

I have only used ACL's on the WLC in a lab environment and removed it when I put it into production.  I would never use it in a production environment.  Either place your ACL's on your L3 devices or use a FW if guest traffic is either directed out to the DMZ or if you are using guest anchoring.  I never did see any throughput drop, but then again never used ACL's in a production network.

http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html

http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00809ba482.shtml

Here is a thread than has some info also:

https://supportforums.cisco.com/message/3005351;jsessionid=7210AE0A26503F13C80A4ACE966D1DCF.node0

-Scott
*** Please rate helpful posts ***
216
Views
0
Helpful
1
Replies