I am working on network with 3 4404 WLC's on the internal network and now we will be adding another controller to the DMZ to make a anchor controller for a guest WLAN. I have a request to restrict internet bandwidth for this guest network to 25% of total bandwidth or less. The firewall is a Pix 515 running 7.0(2).
Anyone have any ideas on how I can restrict bandwidth on one particular WLAN. I was thinking of QOS on that WLAN, but there has to be an easier or better way.
Solved! Go to Solution.
The pix should support policy maps at 7.0(2) if not upgrade to 7.2.1
here is a sample where the policy is bound to the interface that wifi uses on the PIX:
police output 756000 37500
service-policy global_policy global
service-policy WIFI-nonweb interface policy-dmz
Is this config going to restrict bandwidth per session or for all connections to this interface?
It will restrict the total bandwidth for that VLAN. I would think that QoS would be easier to configure on the controllers for that one vlan. If you click on "Controllers", on the left at the bottom you should see "QoS Profiles". Edit the "Bronze" profile under "Per-User Bandwidth Contracts" to the bandwidth you want your guests to have. Mine are set to 512K Average and 768k bursts, then save the profile. Then under your guest WLAN, set the Quality of Service to Bronze and you will be set.
The only catch is you will have to disable the 802.11G and A radios prior to editing the QoS profiles. You can do this by clicking on "Wireless" and in the left column click "802.11B/G Network". then under the "General" area, uncheck the checkbox that says "802.11b/g Network Status".
Hope this helps.
Thanks guys for the info. I'll try this. I was hoping there was an easier way than having to limit the bandwidth on the interface. Turns out that's really not the best solution anyway.
Great info beaver, I have recently implemented this QoS package on our public wireless and have tested it with our local speed test server and have noticed that it only throttles download, upload still runs unchecked. Is this just poor design or am I missing an option somehwere?
Possibly, although it does satisfy my needs at the moment I just wanted to give everyone else the heads up. These tests were run on a 1242 radio with a 4404 running 126.96.36.199
The speedtests are very reliable.
2007/11/20 14:54:35 3,845,032 3,300,464 995 4 61%
2007/11/20 14:57:59 795,240 3,336,864 980 3 62%
I tried tabbing this out but no luck, fields are; date, time, download, upload, max pause, rtt, qos.
I had set my averages at 768 with a burst of 1024.