davis

How to limit bandwidth for PUBLIC wireless network with Cisco WLAN Controller and APs

We have a Cisco 4400 WLAN controller and several 3500 series APs. I need some advice on how best to limit the bandwidth on a PUBLIC network but not limit for PRODUCTION. All APs will support both networks. We should be able to safely allocate up to 20Meg for PUBLIC. What is the best way to limit to 20Meg for the PUBLIC SSID? Also, any insight on other configurations to enhance PUBLIC for performance, such as using 'Multicast Direct Feature', is appreciated!
ASKER CERTIFIED SOLUTION
Craig Beck
davis

ASKER

We are interested in limiting bandwidth usage only for guests connecting to a 'PUBLIC' WLAN, hosted on APs which also publish a 'PRIVATE/PRODUCTION' WLAN. So, limiting at the upstream router won't work. We also have many more wired clients at the sites. However, some type of QoS on the 'PUBLIC' WLAN should work. Sounds like a per-user bandwidth contract would help.

For our needs, which would be a better solution: application of 'Platinum, Gold, Silver, and Bronze QoS profiles', as stated in the article below, or using per-user bandwidth contracts? Thanks for your insight!

Configuring Quality of Service
Can you not limit bandwidth for a specific interface or subnet on the upstream router?

You would apply one of the Platinum, Gold, Silver or Bronze profiles to the Public WLAN, then simply adjust the variables in the Per User settings within the QoS profile. I'd probably apply the Bronze profile as that's usually applied to 'all other' traffic.
davis

ASKER

In thinking about it, throttling the bandwidth for both WLANs (Public & Private) at the upstream router/interface would probably work fine. My thought is that users of the 'private/production' will (almost) never reach the bandwidth demands of a public user. They simply run Citrix connections to their production apps. Both the WLANs are on the same VLAN, where we could rate-limit or apply QoS.
You'd have to do that at the WLAN then if they're both on the same VLAN, by applying the Bronze QoS profile to the Guest WLAN.

It's a bit off-topic, but I would implement a different VLAN for guest traffic.
davis

ASKER

I would agree, best practice would recommend a separate VLAN for guest traffic. As well, not to get too far off topic, but interested to know - where would you monitor utilization to see if there is even a potential issue?
You'd need to do some debugging to see where clients are trying to get to. That would generally require Wireshark, for example.

You could create ACLs on the WLC and log them to see what people are up to, but that can put unnecessary overhead on the WLC, particularly if it's under heavy load to begin with.