Solved

QOS or ACL on a guest vlan

Posted on 2015-02-06
11
383 Views
Last Modified: 2015-02-09
I have a guest wireless vlan 103 on my network and i want to limit them to 20 meg max. I need a complete Qos or access list to get this done.  I am not sure which will do the trick whichever is easiest  will suffice.

version 12.2 se3 3750G 48port
0
Comment
Question by:cj_cb
  • 5
  • 3
  • 2
  • +1
11 Comments
 
LVL 24

Expert Comment

by:Ken Boone
ID: 40594150
How is this guest vlan setup?  Where is the layer 3 gateway  for this vlan? On the AP, layer 3 switch or firewall?  Depending on where and how its setup can drive the different options we have to deal with this.
0
 

Author Comment

by:cj_cb
ID: 40594449
great question the vlan is setup on the switch

thanks CJ
0
 
LVL 12

Expert Comment

by:Bryant Schaper
ID: 40594464
is this 20mbps total or per client, can we just limit the interface?
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 

Author Comment

by:cj_cb
ID: 40594498
again great question 20mb total.
0
 
LVL 24

Expert Comment

by:Ken Boone
ID: 40594568
ok so let me be more specific.  Obviously the vlan is set up on the switch.. Where is the layer 3 interface for the vlan that all of this traffic will have to pass through in order to get to the internet?
0
 

Author Comment

by:cj_cb
ID: 40594576
on the same switch, it handles all layer 3 traffic.
0
 
LVL 24

Expert Comment

by:Ken Boone
ID: 40594582
Okay so the layer 3 interface is on the switch, what kind of firewall are you using?
0
 

Author Comment

by:cj_cb
ID: 40594595
its an ASA 5505
0
 
LVL 18

Accepted Solution

by:
Akinsd earned 500 total points
ID: 40595748
You need a combination of both

NOTE!
The IOS version of your software may determine which commands you have available to you

Here is a simple configuration
Identify the traffic you want to monitor by an ACL
eg
GUEST VLAN 50 = 10.85.50.0 /24

Switch(config)#ip access-list standard BW<20Mb-ACL
Switch(config-std-nacl)#permit 10.85.50.0 0.0.0.255


Then Configure QoS

- Create a class map
Switch(config)#class-map BW<20Mb-CM
Switch(config-cmap)#match access-group name BW<20Mb-ACL


- Create a policy map
Switch(config)#policy-map BW<20Mb-PM
Switch(config-pmap)#class BW<20Mb-CM
Switch(config-pmap-c)#police 20000000 conform-action transmit exceed-action drop


- Apply the policy to the interface
Switch(config)#interface vlan 50
Switch(config-if)#service-policy output BW<20Mb-PM


Here is a simple step by step video
https://www.youtube.com/watch?v=axd1YqKJMy8

If you want more detail info on QoS, watch the video below
https://www.youtube.com/watch?v=aHySjaG6uvw
0
 

Author Comment

by:cj_cb
ID: 40598839
this is great thanks for the help
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40598884
You're welcome
All the best
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question