Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

QOS or ACL on a guest vlan

Posted on 2015-02-06
11
Medium Priority
?
388 Views
Last Modified: 2015-02-09
I have a guest wireless vlan 103 on my network and i want to limit them to 20 meg max. I need a complete Qos or access list to get this done.  I am not sure which will do the trick whichever is easiest  will suffice.

version 12.2 se3 3750G 48port
0
Comment
Question by:cj_cb
  • 5
  • 3
  • 2
  • +1
11 Comments
 
LVL 25

Expert Comment

by:Ken Boone
ID: 40594150
How is this guest vlan setup?  Where is the layer 3 gateway  for this vlan? On the AP, layer 3 switch or firewall?  Depending on where and how its setup can drive the different options we have to deal with this.
0
 

Author Comment

by:cj_cb
ID: 40594449
great question the vlan is setup on the switch

thanks CJ
0
 
LVL 13

Expert Comment

by:Bryant Schaper
ID: 40594464
is this 20mbps total or per client, can we just limit the interface?
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 

Author Comment

by:cj_cb
ID: 40594498
again great question 20mb total.
0
 
LVL 25

Expert Comment

by:Ken Boone
ID: 40594568
ok so let me be more specific.  Obviously the vlan is set up on the switch.. Where is the layer 3 interface for the vlan that all of this traffic will have to pass through in order to get to the internet?
0
 

Author Comment

by:cj_cb
ID: 40594576
on the same switch, it handles all layer 3 traffic.
0
 
LVL 25

Expert Comment

by:Ken Boone
ID: 40594582
Okay so the layer 3 interface is on the switch, what kind of firewall are you using?
0
 

Author Comment

by:cj_cb
ID: 40594595
its an ASA 5505
0
 
LVL 18

Accepted Solution

by:
Akinsd earned 2000 total points
ID: 40595748
You need a combination of both

NOTE!
The IOS version of your software may determine which commands you have available to you

Here is a simple configuration
Identify the traffic you want to monitor by an ACL
eg
GUEST VLAN 50 = 10.85.50.0 /24

Switch(config)#ip access-list standard BW<20Mb-ACL
Switch(config-std-nacl)#permit 10.85.50.0 0.0.0.255


Then Configure QoS

- Create a class map
Switch(config)#class-map BW<20Mb-CM
Switch(config-cmap)#match access-group name BW<20Mb-ACL


- Create a policy map
Switch(config)#policy-map BW<20Mb-PM
Switch(config-pmap)#class BW<20Mb-CM
Switch(config-pmap-c)#police 20000000 conform-action transmit exceed-action drop


- Apply the policy to the interface
Switch(config)#interface vlan 50
Switch(config-if)#service-policy output BW<20Mb-PM


Here is a simple step by step video
https://www.youtube.com/watch?v=axd1YqKJMy8

If you want more detail info on QoS, watch the video below
https://www.youtube.com/watch?v=aHySjaG6uvw
0
 

Author Comment

by:cj_cb
ID: 40598839
this is great thanks for the help
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40598884
You're welcome
All the best
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question