Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 389
  • Last Modified:

QOS or ACL on a guest vlan

I have a guest wireless vlan 103 on my network and i want to limit them to 20 meg max. I need a complete Qos or access list to get this done.  I am not sure which will do the trick whichever is easiest  will suffice.

version 12.2 se3 3750G 48port
0
cj_cb
Asked:
cj_cb
  • 5
  • 3
  • 2
  • +1
1 Solution
 
Ken BooneNetwork ConsultantCommented:
How is this guest vlan setup?  Where is the layer 3 gateway  for this vlan? On the AP, layer 3 switch or firewall?  Depending on where and how its setup can drive the different options we have to deal with this.
0
 
cj_cbAuthor Commented:
great question the vlan is setup on the switch

thanks CJ
0
 
Bryant SchaperCommented:
is this 20mbps total or per client, can we just limit the interface?
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
cj_cbAuthor Commented:
again great question 20mb total.
0
 
Ken BooneNetwork ConsultantCommented:
ok so let me be more specific.  Obviously the vlan is set up on the switch.. Where is the layer 3 interface for the vlan that all of this traffic will have to pass through in order to get to the internet?
0
 
cj_cbAuthor Commented:
on the same switch, it handles all layer 3 traffic.
0
 
Ken BooneNetwork ConsultantCommented:
Okay so the layer 3 interface is on the switch, what kind of firewall are you using?
0
 
cj_cbAuthor Commented:
its an ASA 5505
0
 
AkinsdNetwork AdministratorCommented:
You need a combination of both

NOTE!
The IOS version of your software may determine which commands you have available to you

Here is a simple configuration
Identify the traffic you want to monitor by an ACL
eg
GUEST VLAN 50 = 10.85.50.0 /24

Switch(config)#ip access-list standard BW<20Mb-ACL
Switch(config-std-nacl)#permit 10.85.50.0 0.0.0.255


Then Configure QoS

- Create a class map
Switch(config)#class-map BW<20Mb-CM
Switch(config-cmap)#match access-group name BW<20Mb-ACL


- Create a policy map
Switch(config)#policy-map BW<20Mb-PM
Switch(config-pmap)#class BW<20Mb-CM
Switch(config-pmap-c)#police 20000000 conform-action transmit exceed-action drop


- Apply the policy to the interface
Switch(config)#interface vlan 50
Switch(config-if)#service-policy output BW<20Mb-PM


Here is a simple step by step video
https://www.youtube.com/watch?v=axd1YqKJMy8

If you want more detail info on QoS, watch the video below
https://www.youtube.com/watch?v=aHySjaG6uvw
0
 
cj_cbAuthor Commented:
this is great thanks for the help
0
 
AkinsdNetwork AdministratorCommented:
You're welcome
All the best
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

  • 5
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now