Solved

How to limit bandwidth for PUBLIC wireless network with Cisco WLAN Controller and APs

Posted on 2013-11-14
7
2,498 Views
Last Modified: 2013-11-16
We have a Cisco 4400 WLAN controller and several 3500 series APs.   I need some advice on how best to limit the bandwidth on a PUBLIC network but not limit for PRODUCTION.  All APs will support both networks. We should be able to safely allocate up to 20Meg for PUBLIC.   What is the best way to limit to 20Meg for the PUBLIC SSID?  Also, any insight on other configurations to enhance PUBLIC for performance, such as using 'Multicast Direct Feature, is appreciated!
0
Comment
Question by:davis
  • 4
  • 3
7 Comments
 
LVL 46

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 39651004
If you're running v7.0.116.0 or newer code on the WLC you can use Per-User Bandwidth Contracts.  That will let you give each user a specific amount of bandwidth, per SSID, although you'll need to ensure that other SSIDs don't use the same QoS profile.

Also, this is downstream only, so uploads won't be affected by this.

If you want to limit the SSID to 20Mbps total for all users collectively I'd do that at the upstream router.
0
 
LVL 1

Author Comment

by:davis
ID: 39653214
We are interested in limiting bandwidth usage only for guests connecting to a 'PUBLIC' WLAN, hosted on APs which also publish a 'PRIVATE/PRODUCTION' WLAN.  So, limiting at upstream router won't work. We also have many more wired clients at the sites.  However, some type of QOS on the 'PUBLIC' WLAN should work.  Sounds like per-user-bandwidth contract would help.  

For our needs, which would be a better solution -  application of 'Platinum, Gold, Silver, and Bronze QoS profiles', as stated in the article below, or using per-user-bandwidth contracts?  Thanks for your insight!

Configuring Quality of Service
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39653222
Can you not limit bandwidth for a specific interface or subnet on the upstream router?

You would apply one of the Platinum, Gold, Silver or Bronze profiles to the Public WLAN, then simply adjust the variables in the Per User settings within the QoS profile.  I'd probably apply the Bronze profile as that's is usually applied to 'all other' traffic.
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 
LVL 1

Author Comment

by:davis
ID: 39653265
in thinking about it, throttling the bandwidth for both WLANs (Public & Private) at the upstream router/interface would probably work fine.  My thought is that users of the 'private/production' will (almost) never reach the bandwidth demands of a public user. They simply run Citrix connections to their production apps. both the WLANs are on the same VLAN, where we could rate-limit or apply QOS.
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39653276
You'd have to do that at the WLAN then if they're both on the same VLAN, by applying the Bronze QoS profile to the Guest WLAN.

It's a bit off-topic, but I would implement a different VLAN for guest traffic.
0
 
LVL 1

Author Comment

by:davis
ID: 39653293
I would agree, best practice would recommend a separate VLAN for guest traffic.  As well, not to get too far of topic but interested to know - where would you monitor utilization to see if there is even a potential issue?
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39653320
You'd need to do some debugging to see where clients are trying to get to.  That would generally require Wireshark for example.

You could create ACLs on the WLC and log them to see what people are up to, but that can put unnecessary overhead on the WLC, particularly if it's under heavy load to begin with.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Home network with two AP's dropping WiFi connectivity 12 70
Guest Wi-Fi Time out 3 28
ASA ISP failover 3 24
Password recovery 2960S 4 13
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question