QOS or ACL on a guest vlan

Posted on 2015-02-06
Last Modified: 2015-02-09
I have a guest wireless vlan 103 on my network and i want to limit them to 20 meg max. I need a complete Qos or access list to get this done.  I am not sure which will do the trick whichever is easiest  will suffice.

version 12.2 se3 3750G 48port
Question by:cj_cb
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +1
LVL 25

Expert Comment

by:Ken Boone
ID: 40594150
How is this guest vlan setup?  Where is the layer 3 gateway  for this vlan? On the AP, layer 3 switch or firewall?  Depending on where and how its setup can drive the different options we have to deal with this.

Author Comment

ID: 40594449
great question the vlan is setup on the switch

thanks CJ
LVL 12

Expert Comment

by:Bryant Schaper
ID: 40594464
is this 20mbps total or per client, can we just limit the interface?
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.


Author Comment

ID: 40594498
again great question 20mb total.
LVL 25

Expert Comment

by:Ken Boone
ID: 40594568
ok so let me be more specific.  Obviously the vlan is set up on the switch.. Where is the layer 3 interface for the vlan that all of this traffic will have to pass through in order to get to the internet?

Author Comment

ID: 40594576
on the same switch, it handles all layer 3 traffic.
LVL 25

Expert Comment

by:Ken Boone
ID: 40594582
Okay so the layer 3 interface is on the switch, what kind of firewall are you using?

Author Comment

ID: 40594595
its an ASA 5505
LVL 18

Accepted Solution

Akinsd earned 500 total points
ID: 40595748
You need a combination of both

The IOS version of your software may determine which commands you have available to you

Here is a simple configuration
Identify the traffic you want to monitor by an ACL
GUEST VLAN 50 = /24

Switch(config)#ip access-list standard BW<20Mb-ACL

Then Configure QoS

- Create a class map
Switch(config)#class-map BW<20Mb-CM
Switch(config-cmap)#match access-group name BW<20Mb-ACL

- Create a policy map
Switch(config)#policy-map BW<20Mb-PM
Switch(config-pmap)#class BW<20Mb-CM
Switch(config-pmap-c)#police 20000000 conform-action transmit exceed-action drop

- Apply the policy to the interface
Switch(config)#interface vlan 50
Switch(config-if)#service-policy output BW<20Mb-PM

Here is a simple step by step video

If you want more detail info on QoS, watch the video below

Author Comment

ID: 40598839
this is great thanks for the help
LVL 18

Expert Comment

ID: 40598884
You're welcome
All the best

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Question about Authentication Domain 6 96
Fiber optic multimode cable issue 6 66
VTP servers with 3650 switches 5 46
creating SVI on layer 3 switch 1 55
Security is one of the biggest concerns when moving and migrating your data from your on-premise location to the Public Cloud.  Where is your data? Who can access it? Will it be safe from accidental deletion?  All of these questions and more are imp…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question