Wireless Access

Reply
Regular Contributor I

Bandwidth control on RAP?

Is there a way I can bandwidth control a RAP? Can you assign a particular role to a RAP and then bandwidth control them?

 

I have a remote office that runs on a RAP that I believe is taking up a lot of our corporate internet bandwidth. I'd like to bandwidth limit the RAP to only 10 Meg back to corporate.  

 

When clients on the far side of the RAP connect they are on same subnet as corporate with authenticated role.

 

I understand we could do split tunnel and only send corporate traffic down the ipsec tunnel but then they would be able to surf without any kind of firewall filter. 

 

Our corporate only has a 50 MB connection and ever since I added RAP (That has 100 MB connection to internet) my VIA clients have noticed a real slow down in their connections.

 

Re: Bandwidth control on RAP?

EDIT

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Guru Elite

Re: Bandwidth control on RAP?

Yes, you can apply a bandwidth contract to the user-role in tunnel mode. You'll find it in the user-role configuration.

If the RAP is terminating on a 7 series controller running 6.4 or greater, you can even apply bandwidth contracts to individual applications. 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor I

Re: Bandwidth control on RAP?

The user role of the client or the user role of the RAP?

 

The clients get online and get authenticated role the same as the rest of my corporate clients. I do not want to bandwidth the entire authenticated role slowing down my corporate clients. I'd like to just be able to bandwidth control the RAP itself and limit the remote office access.

 

Can you assign a role to one particular AP on the system? If I can do that then I can bandwidth control that role and problem solved.

 

Re: Bandwidth control on RAP?

Like cappalli said you can apply it to directly to the user-role but in your case since you are sharing that user-role with the campus users you should create the following:

- A new user-role "REMOTE-USERS

- Then create a new aaa profile 'AAA-REMOTE-USERS-PROFILE"

- If you are using Mac auth or Dot1x then you can apply the "REMOTE-USERS" user-role as the default user-role for those

- Then create a new VAP which can use the same SSID profile but point it to the new AAA profile

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: