Product and Software: This article applies to all Aruba controllers and ArubaOS versions.
A big network usually has a lot of broadcast and multicast traffic, which consumes a large percentage of the link bandwidth. To limit that traffic, apply a bandwidth contract to the user VLAN.
The question is: will the unicast traffic be policed to the same bandwidth contract applied to the VLAN? The answer is No. A bandwidth contract applied to VLANs only polices broadcast and multicast traffic. The following is an example:
To restrict multicast, restrictions on broadcast traffic bandwidth can be imposed on VLANs. To impose bandwidth restrictions on a per-user basis, these restrictions must be configured for user roles.
To configure a bandwidth contract based on a VLAN:
1) Configure a bandwidth contract for VLAN 1 from the "interface vlan" prompt:
(Aruba) (config) #interface vlan 1
(Aruba) (config-subif)#bandwidth-contract "vlan_1"
2) After the bandwidth contract is named, assign a value in kbits or mbits to it:
(Aruba) (config) #aaa bandwidth-contract vlan_1 kbits 512
3) Show the bandwidth contract configured for the VLAN:
(Aruba) (config) #show interface vlan 1
VLAN1 is up line protocol is up.
Hardware is CPU Interface, Interface address is 00:0B:86:50:2D:50 (bia 00:0B:86: 50:2D:50)
Description: 802.1Q VLAN
Internet address is 10.10.255.1 255.255.255.0
Routing interface is enable, forwarding mode is enabled
Directed broadcast is disabled
Encapsulation 802, loopback not set
MTU 1500 bytes
A Bandwidth contract of 512 Kbits/sec is enforced on multicast traffic
Last clearing of "show interface" counters 0 day 0 hr 12 min 59 sec
link status last changed 0 day 0 hr 12 min 59 sec
To configure bandwidth contract based on user roles in ArubaOS 3.x:
1) Create a user role and assign a bandwidth contract string for the user role:
(Aruba) (config) #user-role employee
(Aruba) (config-role) #bandwidth-contract "test"
(Aruba) (config-role) #bw-contract "test" ?
downstream - Assign bandwidth contract to downstream traffic per-user Assign bandwidth contract per-user (default is per-role)
upstream - Assign bandwidth contract to upstream traffic
(Aruba) (config-role) #bw-contract test per-user ?
downstream - Assign bandwidth contract to per-user downstream traffic
upstream - Assign bandwidth contract to per-user upstream traffic
2) Configure a value for the user as:
(Aruba) (config) #aaa bandwidth-contract "test" kbits 256
The bandwidth contracts are imposed on all users who are assigned the role of "employee".
3) Verify the configuration by issuing the following command:
(Aruba) (config-role) #show rights employee
Derived Role = 'employee'
Up BW:No Limit Down BW contract = test (512000 bits/sec)
L2TP Pool = default-l2tp-pool
PPTP Pool = default-pptp-pool
Periodic reauthentication: Disabled
ACL Number = 45/0
Max Sessions = 65535
To configure bandwidth contract based on user roles in ArubaOS 2.5:
1) Create a user role and assign bandwidth contract string for the user role:
(Aruba) (config) #user-role employee
(Aruba) (config-role) #bandwidth-contract "emp_vlan1"
2) Configure a value for the user as:
(Aruba) (config) #aaa bandwidth-contract "emp_vlan1" kbits 256
The bandwidth contracts are imposed on all users who are assigned the role of "employee".
3) Verify the configuration by issuing the following command:
(Aruba) (config) #show rights employee
Derived Role = 'employee'
Bandwidth contract = emp_vlan1 (256000 bits/sec)
L2TP Pool = default-l2tp-pool
PPTP Pool = default-pptp-pool
Periodic reauthentication: Disabled
ACL Number = 17v