The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This document provides information on how to set up the Bi-Directional Rate Limiting (BDRL) feature (introduced in release 7.3).
In addition, this document provides information on how to configure rate limiting globally, per WLAN or per client, and shows how these settings apply to traffic in each configuration and how one setting supercedes the other in different configuration settings.
Examples provided in this document demonstrate how traffic gets impacted with different rate limiting settings when chosen globally, per SSID (which is in fact per WLAN per AP) or per client when performing different configuration settings.
For the purposes of demonstrating the functionality of the Bi-Directional Rate Limiting, the examples in this document show Access Point (AP) configurations in Local Mode or Flex Connect Central switched mode, and also Flex Connect in a Locally switched mode.
It is recommended to obtain some sort of traffic generator to see the results of the rate limiting setups. In this document, iPerf is used as an example of a traffic generator.
There are no specific requirements for this document.
The information in this document is based on these software and hardware versions:
Wireless LAN Controllers running AireOS 8.8.111.0 Software.
The information in this document was created from the devices in a specific lab environment.
All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Refer to Cisco Technical Tips Conventions for more information on document conventions.
This section describes BDRL of the 8.8.111.0 release.
In releases 7.2 and earlier, there was only the ability to limit the downstream throughput across an SSID and per user on the Global interface.
BDRL was introduced in the 7.3 release, for Wave 1 indoor APs, where rate limits can be defined on both upstream and downstream traffic, as well as on a per WLAN basis. These rate limits are individually configured. The rate limits can be configured on WLAN directly instead of QoS profiles, which will override profile values.
BDRL adds the ability to define throughput limits for users on their wireless networks with a higher granularity. This ability allows setting a priority service to a particular set of clients.
A potential use case for this is in hotspot situations (coffee shops, airports, etc) where a company can offer a free low-throughput service to everyone, and charge users for a high-throughput service.
Note: The enforcement of the rate limits are done on both the controller and AP.
You can have AAA overrides for FlexConnect APs to dynamically assign QoS levels and/or bandwidth contracts for both locally switched traffic on web-authenticated WLANs and 802.1X-authenticated WLANs. Both upstream and downstream parameters are sent to the corresponding AP.
Table 1: This table illustrates where Bi-Directional Rate Limiting is enforced on Wave1 APs.
Local Mode | FlexConnect Central Switching | FlexConnect Local Switching | Flex Connect Standalone | |
---|---|---|---|---|
Per client Downstream | WLC | WLC | AP | AP |
Per client Upstream | AP | AP | AP | AP |
Table 2: This table illustrates where Bi-Directional Rate Limiting is enforced on Wave2 APs.
Local Mode | FlexConnect Central Switching | FlexConnect Local Switching | Flex Connect Standalone | |
---|---|---|---|---|
Per client Downstream | AP | AP | AP | AP |
Per client Upstream | AP | AP | AP | AP |
There is an option to select the downstream rate limit thought the QoS profile page. Users that already make use of QoS profiles functionality have additional granularity and capabilities.
The trade off with configuring the rate limits under the QoS profile is that there are only four QoS profiles available. Thus, there are only four sets of configuration options to use.
Also, because the QoS profile is applied to all clients on the associated SSID, all clients connected to the same SSID will have the same rate limited parameters.
Table 3: This table shows order of ranking Bi-Directional Rate Limiting.
AAA | QoS Profile of AAA | WLAN | QoS Profile of WLAN | Applied to Client |
---|---|---|---|---|
100 Kbps | 200 Kbps | 300 Kbps | 400 Kbps | 100 Kbps |
X | — | — | — | 200 Kbps |
X | X | — | — | 300 Kbps |
X | X | X | — | 400 Kbps |
X | X | X | X | Unlimited |
If bidirectionalrate limitingis not present, AAA override cannot occur.
The ISE server is supported.
The upstream rate limit parameter is equal to the downstream parameter, from AAA override.
Local authentication is not supported.
This section provides a sample topology, basic Switch Integration, for BDRL in Central Switching Mode configuration.
Rate limiting parameters on the WLC are configured either using the GUI or the CLI. This configuration needs to be applied on both Anchor and Foreign WLC. Configuration is done by selecting the QoS profile and configuring the various rate limiting parameters. Configuration is done by selecting the QoS profile and configuring the various rate limiting parameters. When rate limiting parameters are set to “0”, the rate limiting feature is not functional. Each WLAN has a QoS profile associated with it in addition to the configuration in the QoS profile. The WLAN configuration always overrides and supercedes the parameters configured in the QoS profile.
Configure or verify that the AP on the controller is configured as Flex Connect AP in a Centrally Switched mode, or in Local mode. Here is an example:
Configure the WLAN, for example “bdrl-pod1” on the controller, with desired security. This example shows security set to None in order to simplify the test:
Do not enable the WLAN at this point. This example is for Pod1:
Make sure the WLAN is configured for Central Switched mode under the Advanced tab and make sure Local Switching is not checked. Or, configure Local Switched mode.
Configure or verify that all Rate Limiting parameters are set to “0” for both per-user and per-SSID on the WLAN "bdrl-pod1". QoS is set to Gold, Platinum, Silver or Bronze. In this example, it is set to Silver.
Configure the QoS Silver profile on the controller with the desired Rate Limit. In this example, Rate Limit is configured to 2 Mbps for both Downstream and Upstream, and for WLAN and per-user.
Note: Before the configuration, make sure 802.11a/b/g/n networks are disabled. After the configuration, enable them again. If networks are not disabled, the Rate Limiting configuration does not get saved.
Note: Data Rate setting is for TCP/IP traffic, and Real-Time Rate is for UDP traffic testing.
Enable all networks. Also, enable the WLAN for the configuration to take effect.
In order to verify that Rate Limiting is configured properly, configure the Wireless Workstation with SSID as in example “bdrl-pod1” open authentication and connect to that WLAN.
When the system is connected to that WLAN, start a traffic generator (such as iPerf) and observe the rate limiting to 2 Mbps upstream and downstream.
The next configuration is to apply the Rate Limiting settings on the WLAN per-SSID. This example shows per-SSID Rate Limiting on the UpStream and DownStream is set to 3 Mbps.
Note: As indicated before when setting BDRL in both directions, per-user rate limit is checked first and per-SSID rate limit is checked second. Both override the Global QoS settings.
This configuration demonstrates that the setting on the “per-SSID” supercedes the QoS setting.
Start the traffic generator as in the previous examples in both directions. First Upstream, then observe the Rate Limiting of the traffic. You will notice that Rate Limiting of the per-SSID superceded the Global QoS profile setting of 2 Mbps.
In the next configuration perform the same setting. However, this time per-user rate limiting is configured to 1 Mbps. The per-user Rate Limiting supercedes the global QoS setting and per-SSID setting.
Start the traffic generator as in the previous examples in both directions. First Upstream, then observe the Rate Limiting of the traffic. You will notice that Rate Limiting of the per-user 1 Mbps setting supercedes that of per-SSID Rate Limiting of 3 Mbps, and the Global QoS profile setting of 2 Mbps.
This section provides a sample topology, basic Switch Integration, and sample test cases for the BDRL in Local Switching Mode configuration.
Note: This topology is not an actual Lab topology. It is only presented for feature explanation.
When the AP enters standalone mode, the respective downstream policies and the upstream policies are installed on the AP. These policies are not permanent and will not be saved in the AP on reboot.
Configure or verify that the AP on the controller is configured as Flex Connect AP in a Locally Switched mode.
Configure again all the Rate Limiting parameters for the Locally Switched mode as you did for the Centrally Switched or Local mode of the AP. Then, observe the results.
Perform steps 2-13 from the previous section.
QoS Profile Configuration:
config qos [average-data-rate | average-realtime-rate | burst-data-rate | burst-realtime-rate] [bronze | gold | silver | platinum] [per-ssid | per-client] [downstream | upstream] limit
WLAN Override Configuration:
config wlan override-rate-limit wlanid [average-data-rate | average-realtime-rate | burst-data-rate | burst-realtime-rate] [per-ssid | per-client] [downstream | upstream] limit
Similar show commands are also provided to display the QoS profile configuration and packet statistics.
(wlc)>show qos [bronze | gold | silver | platinum] Description...................................... For Best Effort Maximum Priority................................. besteffort Unicast Default Priority......................... besteffort Multicast Default Priority....................... besteffort protocol......................................... none Per-ssid Limits Upstream DownStream Average Data Rate................................ 0 0 Burst Data Rate.................................. 0 0 Average Realtime Data Rate................. 0 0 Realtime Burst Data Rate...................... 0 0 Per-client Limits Upstream DownStream Average Data Rate................................ 0 0 Burst Data Rate.................................. 0 0 Average Realtime Data Rate................. 0 0 Realtime Burst Data Rate...................... 0 0
(wlc)> show wlan [wlan-id] Quality of Service............................... Silver Scan Defer Priority.............................. 4,5,6 Scan Defer Time.................................. 100 milliseconds WMM.............................................. Allowed WMM UAPSD Compliant Client Support............... Disabled Media Stream Multicast-direct.................... Enabled Rate-limit Override Enabled/Disabled Per-ssid Limits Upstream DownStream Average Data Rate................................ 0 0 Burst Data Rate.................................. 0 0 Average Realtime Data Rate................. 0 0 Realtime Burst Data Rate...................... 0 0 Per-client Limits Upstream DownStream Average Data Rate................................ 0 0 Burst Data Rate.................................. 0 0 Average Realtime Data Rate................. 0 0 Realtime Burst Data Rate...................... 0 0 CCX - AironetIe Support.......................... Enabled CCX - Gratuitous ProbeResponse (GPR)............. Disabled CCX - Diagnostics Channel Capability............. Disabled
(wlc)> show client details [mac-addr] Client Statistics: Number of Data Bytes Received................... 160783 Number of Realtime Bytes Received................... 160783 Number of Data Bytes Sent....................... 23436 Number of Realtime Bytes Sent....................... 23436 Number of Data Packets Received................. 592 Number of Realtime Packets Received................. 592 Number of Data Packets Sent..................... 131 Number of Realtime Packets Sent..................... 131 Number of Interim-Update Sent.............. 0 Number of EAP Id Request Msg Timeouts...... 0
This is to configure rate limit per-SSID on downstream traffic. The throughput is limited for all clients associated to that SSID as per configuration.
Disable both 802.11a and 802.11b radio using these commands:
config 802.11a disable network config 802.11b disable network
Enter this command in order to define the average data rate in Kbps for TCP traffic per-SSID:
config qos average-data-rate silver per-ssid downstream limit
Enter this command in order to define the burst data rate in Kbps for TCP traffic per-SSID:
config qos average-data-rate silver per-ssid downstream limit
Define the average real-time rate in Kbps for UDP traffic per-SSID:
config qos average-realtime-rate silver per-ssid downstream limit
Define the peak real-time rate in Kbps for UDP traffic per-SSID:
config qos burst-realtime-rate silver per-ssid downstream limit
Map this QoS profile in WLAN using this command:
config wlan qos wlan_id silver
Enable both 802.11 a and 802.11 b radios.
Check that the above values are configured correctly using these show commands:
show qos silver show wlan [wlan-id]
Associate two or more clients to the above WLAN. Then, start sending TCP and UDP traffic from wired to wireless clients using a traffic generator (for example, LAN traffic tool or iPerf) more than the defined parameters above.
For example, if average-data-rate = 1000 Kbps per SSID and burst data rate = 2000 Kbps per SSID, then all clients together share the bandwidth of that specific AP. Also, traffic of clients together should not exceed more than 1000 Kbps average per radio of AP.
Check client statistics using this show command:
(wlc) show client details [mac-addr] Client Statistics: Number of Data Bytes Received................... 160783 Number of Realtime Bytes Received................... 160783 Number of Data Bytes Sent....................... 23436 Number of Realtime Bytes Sent....................... 23436
Repeat the test case with other QoS profiles: bronze, gold and platinum.
This is to configure rate limit per-SSID and per-client on downstream traffic. Throughput is limited accordingly.
Disable both 802.11a and 802.11b radio using these commands:
config 802.11a disable network config 802.11b disable network
Define the average data rate in Kbps for TCP traffic per-SSID and per-client:
config qos average-data-rate silver per-ssid downstream limit config qos average-data-rate silver per-client downstream limit
Define the burst data rate in Kbps for TCP traffic per-SSID and per-client:
config qos average-data-rate silver per-ssid downstream limit config qos average-data-rate silver per-client downstream limit
Define the average real-time rate in Kbps for UDP traffic per-SSID and per-client.
config qos average-realtime-rate silver per-ssid downstream limit config qos average-realtime-rate silver per-client downstream limit
Define the peak real-time rate in Kbps for UDP traffic per-SSID and per-client:
config qos burst-realtime-rate silver per-ssid downstream limit config qos burst-realtime-rate silver per-client downstream limit
Map this QoS profile in WLAN using this command:
config wlan qos wlan_id silver
Enable both 802.11 a and 802.11 b radios.
Check that the above values are configured correctly using these show commands:
show qos silver show wlan [wlan-id]
Associate two or more clients to the above WLAN. Then, start sending TCP and UDP traffic from wired to wireless clients using a traffic generator (for example, LAN traffic tool or iPerf) more than the defined parameters above.
Check client statistics using this show command:
(wlc) show client details [mac-addr] Client Statistics: Number of Data Bytes Received................... 160783 Number of Realtime Bytes Received................... 160783 Number of Data Bytes Sent....................... 23436 Number of Realtime Bytes Sent....................... 23436
Repeat the test case with other QoS profiles: bronze, gold and platinum.
The rate limit defined on WLAN per-SSID downstream overrides values defined under QoS profiles.
Configure rate limits for UDP and TCP traffic under QoS profile, for example, Silver.
Map this QoS profile in WLAN.
Configure different rate limit values on WLAN using these commands:
config wlan override-rate-limit id average-data-rate per-ssid downstream limit config wlan override-rate-limit id burst-data-rate per-ssid downstream limit config wlan override-rate-limit id average-realtime-rate per-ssid downstream limit config wlan override-rate-limit id burst-realtime-rate per-ssid downstream limit
Associate different clients to WLAN, and start sending traffic from wired to wireless side.
Check if value configured on WLAN is overriden. Use these show commands to validate that the WLAN override is enabled.
show wlan <id> config qos average-data-rate silver per-ssid downstream limit config qos average-data-rate silver per-client downstream limit
This is to verify that the rate limit is applied per-SSID on upstream traffic. The throughput is limited for all clients associated to that WLAN as per configuration.
Disable both 802.11a and 802.11b radio using these commands:
config 802.11a disable network config 802.11b disable network
Define the rate in Kbps for TCP and UDP traffic per-SSID:
config qos average-data-rate silver per-ssid upstream limit config qos average-data-rate silver per-ssid upstream limit config qos average-realtime-rate silver per-ssid upstream limit config qos burst-realtime-rate silver per-ssid upstream limit
Map this QoS profile in WLAN using this command:
config wlanqoswlan_id silver
Enable both 802.11 a and 802.11 b radios.
Check that the above values are configured correctly using these show commands:
show qos silver show wlan [wlan-id]
Associate two or more clients to the above WLAN. Then, start sending TCP and UDP traffic from wireless to wired client using a traffic generator (for example, LAN traffic tool) more than the defined parameters above.
For example, if average-data-rate = 1000 Kbps per SSID and burst data rate = 2000 Kbps per SSID, then all clients together share the bandwidth. Also, traffic of clients together should not exceed more than 1000 Kbps average per radio of AP.
Check client statistics using this show command:
(wlc) show client details [mac-addr]
Optional: Repeat the test case with other QoS profiles: bronze, gold and platinum.
This to verify that when rate-limit is applied per-client on upstream traffic, the throughput is limited for all clients associated to that WLAN as per configuration.
Disable both 802.11a and 802.11b radio using these commands:
config 802.11a disable network config 802.11b disable network
Define the rate in Kbps for TCP and UDP traffic per-client:
config qos average-data-rate silver per-client upstream limit config qos average-data-rate silver per-client upstream limit config qos average-realtime-rate silver per-client upstream limit config qos burst-realtime-rate silver per-client upstream limit
Map this QoS profile in WLAN using this command:
config wlan qos wlan_id silver
Enable both 802.11 a and 802.11 b radios.
Check that the above values are configured correctly using these show commands:
show qos silver show wlan [wlan-id]
Associate two or more clients to the above WLAN. Then, start sending TCP and UDP traffic from wireless to wired client using a traffic generator (for example, LAN traffic tool) more than the defined parameters above.
For example, if average-data-rate = 1000 Kbps per SSID and burst data rate = 2000 Kbps per SSID, then all clients together share the bandwidth, and traffic of clients together should not exceed more than 1000 Kbps average per radio of AP.
Check client statistics using this show command:
(wlc) show client details [mac-addr]
Optional: Repeat the test case with other QoS profiles: bronze, gold and platinum.
This is to verify that when rate-limit is applied per-SSID and per-client on upstream traffic, the throughput is limited accordingly.
Disable both 802.11a and 802.11b radio using these commands:
config 802.11a disable network config 802.11b disable network
Define the rate in Kbps for TCP and UDP traffic per-client and per-SSID:
config qos average-data-rate silver per-client upstream limit config qos average-data-rate silver per-client upstream limit config qos average-realtime-rate silver per-client upstream limit config qos burst-realtime-rate silver per-client upstream limit config qos average-data-rate silver per-ssid upstream limit config qos average-data-rate silver per-ssid upstream limit config qos average-realtime-rate silver per-ssid upstream limit config qos burst-realtime-rate silver per-ssid upstream limit
Map this QoS profile in WLAN using this command:
config wlan qos wlan_id silver
Enable both 802.11 a and 802.11 b radios.
Check that the above values are configured correctly using these show commands:
show qos silver show wlan [wlan-id]
Associate two or more STA to the above WLAN. Then, start sending TCP and UDP traffic from wireless to wired client using a traffic generator (for example, LAN traffic tool) more than the defined parameters above.
For example, if average-data-rate = 5000 Kbps per SSID and average-data-rate = 1000 Kbps per client, then each of client is limited to 1000 Kbps. Also, all clients traffic together should not exceed more than 5000 Kbps average per radio of AP.
Check client statistics using this show command:
(wlc) show client details [mac-addr]
Optional :Repeat the test case with other QoS profiles: bronze, gold and platinum.
This is to verify rate limit defined on WLAN per-SSID upstream overrides values defined under QoS profiles.
Configure rate limits for UDP and TCP traffic under QoS profile, for example, Silver.
Map this QoS profile in WLAN.
Configure different rate limit values on WLAN using these commands:
config wlan override-rate-limit id average-data-rate per-ssid upstream limit config wlan override-rate-limit id burst-data-rate per-ssid upstream limit config wlan override-rate-limit id average-realtime-rate per-ssid upstream limit config wlan override-rate-limit id burst-realtime-rate per-ssid upstream limit
Associate different clients to WLAN, and start sending traffic from wireless to wired side.
Check if the value configured on WLAN is overriden. Use this show command to validate that the WLAN override is enabled.
show wlan<id>
Revision | Publish Date | Comments |
---|---|---|
1.0 |
28-Aug-2012 |
Initial Release |