?
Solved

QOS or ACL on a guest vlan

Posted on 2015-02-06
11
Medium Priority
?
387 Views
Last Modified: 2015-02-09
I have a guest wireless vlan 103 on my network and i want to limit them to 20 meg max. I need a complete Qos or access list to get this done.  I am not sure which will do the trick whichever is easiest  will suffice.

version 12.2 se3 3750G 48port
0
Comment
Question by:cj_cb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +1
11 Comments
 
LVL 25

Expert Comment

by:Ken Boone
ID: 40594150
How is this guest vlan setup?  Where is the layer 3 gateway  for this vlan? On the AP, layer 3 switch or firewall?  Depending on where and how its setup can drive the different options we have to deal with this.
0
 

Author Comment

by:cj_cb
ID: 40594449
great question the vlan is setup on the switch

thanks CJ
0
 
LVL 12

Expert Comment

by:Bryant Schaper
ID: 40594464
is this 20mbps total or per client, can we just limit the interface?
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 

Author Comment

by:cj_cb
ID: 40594498
again great question 20mb total.
0
 
LVL 25

Expert Comment

by:Ken Boone
ID: 40594568
ok so let me be more specific.  Obviously the vlan is set up on the switch.. Where is the layer 3 interface for the vlan that all of this traffic will have to pass through in order to get to the internet?
0
 

Author Comment

by:cj_cb
ID: 40594576
on the same switch, it handles all layer 3 traffic.
0
 
LVL 25

Expert Comment

by:Ken Boone
ID: 40594582
Okay so the layer 3 interface is on the switch, what kind of firewall are you using?
0
 

Author Comment

by:cj_cb
ID: 40594595
its an ASA 5505
0
 
LVL 18

Accepted Solution

by:
Akinsd earned 2000 total points
ID: 40595748
You need a combination of both

NOTE!
The IOS version of your software may determine which commands you have available to you

Here is a simple configuration
Identify the traffic you want to monitor by an ACL
eg
GUEST VLAN 50 = 10.85.50.0 /24

Switch(config)#ip access-list standard BW<20Mb-ACL
Switch(config-std-nacl)#permit 10.85.50.0 0.0.0.255


Then Configure QoS

- Create a class map
Switch(config)#class-map BW<20Mb-CM
Switch(config-cmap)#match access-group name BW<20Mb-ACL


- Create a policy map
Switch(config)#policy-map BW<20Mb-PM
Switch(config-pmap)#class BW<20Mb-CM
Switch(config-pmap-c)#police 20000000 conform-action transmit exceed-action drop


- Apply the policy to the interface
Switch(config)#interface vlan 50
Switch(config-if)#service-policy output BW<20Mb-PM


Here is a simple step by step video
https://www.youtube.com/watch?v=axd1YqKJMy8

If you want more detail info on QoS, watch the video below
https://www.youtube.com/watch?v=aHySjaG6uvw
0
 

Author Comment

by:cj_cb
ID: 40598839
this is great thanks for the help
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40598884
You're welcome
All the best
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Transparency shows that a company is the kind of business that it wants people to think it is.
The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question