Solved

How to limit bandwidth for PUBLIC wireless network with Cisco WLAN Controller and APs

Posted on 2013-11-14
7
2,059 Views
Last Modified: 2013-11-16
We have a Cisco 4400 WLAN controller and several 3500 series APs.   I need some advice on how best to limit the bandwidth on a PUBLIC network but not limit for PRODUCTION.  All APs will support both networks. We should be able to safely allocate up to 20Meg for PUBLIC.   What is the best way to limit to 20Meg for the PUBLIC SSID?  Also, any insight on other configurations to enhance PUBLIC for performance, such as using 'Multicast Direct Feature, is appreciated!
0
Comment
Question by:davis
  • 4
  • 3
7 Comments
 
LVL 45

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 39651004
If you're running v7.0.116.0 or newer code on the WLC you can use Per-User Bandwidth Contracts.  That will let you give each user a specific amount of bandwidth, per SSID, although you'll need to ensure that other SSIDs don't use the same QoS profile.

Also, this is downstream only, so uploads won't be affected by this.

If you want to limit the SSID to 20Mbps total for all users collectively I'd do that at the upstream router.
0
 
LVL 1

Author Comment

by:davis
ID: 39653214
We are interested in limiting bandwidth usage only for guests connecting to a 'PUBLIC' WLAN, hosted on APs which also publish a 'PRIVATE/PRODUCTION' WLAN.  So, limiting at upstream router won't work. We also have many more wired clients at the sites.  However, some type of QOS on the 'PUBLIC' WLAN should work.  Sounds like per-user-bandwidth contract would help.  

For our needs, which would be a better solution -  application of 'Platinum, Gold, Silver, and Bronze QoS profiles', as stated in the article below, or using per-user-bandwidth contracts?  Thanks for your insight!

Configuring Quality of Service
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39653222
Can you not limit bandwidth for a specific interface or subnet on the upstream router?

You would apply one of the Platinum, Gold, Silver or Bronze profiles to the Public WLAN, then simply adjust the variables in the Per User settings within the QoS profile.  I'd probably apply the Bronze profile as that's is usually applied to 'all other' traffic.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 1

Author Comment

by:davis
ID: 39653265
in thinking about it, throttling the bandwidth for both WLANs (Public & Private) at the upstream router/interface would probably work fine.  My thought is that users of the 'private/production' will (almost) never reach the bandwidth demands of a public user. They simply run Citrix connections to their production apps. both the WLANs are on the same VLAN, where we could rate-limit or apply QOS.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39653276
You'd have to do that at the WLAN then if they're both on the same VLAN, by applying the Bronze QoS profile to the Guest WLAN.

It's a bit off-topic, but I would implement a different VLAN for guest traffic.
0
 
LVL 1

Author Comment

by:davis
ID: 39653293
I would agree, best practice would recommend a separate VLAN for guest traffic.  As well, not to get too far of topic but interested to know - where would you monitor utilization to see if there is even a potential issue?
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39653320
You'd need to do some debugging to see where clients are trying to get to.  That would generally require Wireshark for example.

You could create ACLs on the WLC and log them to see what people are up to, but that can put unnecessary overhead on the WLC, particularly if it's under heavy load to begin with.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Cisco 1830 AP behaving wierdly 7 25
Wireshark 7 53
Wifi install - small London office 9 80
Cisco ASDM migration 2 5
Today sees the launch of a new case study, focusing on BYOD technologies we have been working with for some time now.  But with the advent of 802.11ac wireless technologies and the story behind our landmark developments, we would like to share this …
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now