How to limit bandwidth for PUBLIC wireless network with Cisco WLAN Controller and APs

We have a Cisco 4400 WLAN controller and several 3500 series APs.   I need some advice on how best to limit the bandwidth on a PUBLIC network but not limit for PRODUCTION.  All APs will support both networks. We should be able to safely allocate up to 20Meg for PUBLIC.   What is the best way to limit to 20Meg for the PUBLIC SSID?  Also, any insight on other configurations to enhance PUBLIC for performance, such as using 'Multicast Direct Feature, is appreciated!
LVL 1
davisAsked:
Who is Participating?
 
Craig BeckConnect With a Mentor Commented:
If you're running v7.0.116.0 or newer code on the WLC you can use Per-User Bandwidth Contracts.  That will let you give each user a specific amount of bandwidth, per SSID, although you'll need to ensure that other SSIDs don't use the same QoS profile.

Also, this is downstream only, so uploads won't be affected by this.

If you want to limit the SSID to 20Mbps total for all users collectively I'd do that at the upstream router.
0
 
davisAuthor Commented:
We are interested in limiting bandwidth usage only for guests connecting to a 'PUBLIC' WLAN, hosted on APs which also publish a 'PRIVATE/PRODUCTION' WLAN.  So, limiting at upstream router won't work. We also have many more wired clients at the sites.  However, some type of QOS on the 'PUBLIC' WLAN should work.  Sounds like per-user-bandwidth contract would help.  

For our needs, which would be a better solution -  application of 'Platinum, Gold, Silver, and Bronze QoS profiles', as stated in the article below, or using per-user-bandwidth contracts?  Thanks for your insight!

Configuring Quality of Service
0
 
Craig BeckCommented:
Can you not limit bandwidth for a specific interface or subnet on the upstream router?

You would apply one of the Platinum, Gold, Silver or Bronze profiles to the Public WLAN, then simply adjust the variables in the Per User settings within the QoS profile.  I'd probably apply the Bronze profile as that's is usually applied to 'all other' traffic.
0
IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

 
davisAuthor Commented:
in thinking about it, throttling the bandwidth for both WLANs (Public & Private) at the upstream router/interface would probably work fine.  My thought is that users of the 'private/production' will (almost) never reach the bandwidth demands of a public user. They simply run Citrix connections to their production apps. both the WLANs are on the same VLAN, where we could rate-limit or apply QOS.
0
 
Craig BeckCommented:
You'd have to do that at the WLAN then if they're both on the same VLAN, by applying the Bronze QoS profile to the Guest WLAN.

It's a bit off-topic, but I would implement a different VLAN for guest traffic.
0
 
davisAuthor Commented:
I would agree, best practice would recommend a separate VLAN for guest traffic.  As well, not to get too far of topic but interested to know - where would you monitor utilization to see if there is even a potential issue?
0
 
Craig BeckCommented:
You'd need to do some debugging to see where clients are trying to get to.  That would generally require Wireshark for example.

You could create ACLs on the WLC and log them to see what people are up to, but that can put unnecessary overhead on the WLC, particularly if it's under heavy load to begin with.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.