How to traffic police on an aironet?

Discussion in 'Cisco' started by Wil, Mar 30, 2006.

  1. Wil

    Wil Guest

    I have an access-point, 1230, that I would like to give full access to
    port 80 and 443, but limit everything else to like 8k

    Or, I could get around this by limiting all wireless connections to
    about 500k each.

    -Wil
    Wil, Mar 30, 2006
    #1

  2. ~ I have an access-point, 1230, that I would like to give full access to
    ~ port 80 and 443, but limit everything else to like 8k
    ~
    ~ Or, I could get around this by limiting all wireless connections to
    ~ about 500k each.
    ~
    ~ -Wil

    The AP provides no policing/shaping support. You can however apply
    wireless QoS policies. This may not give you the granularity to
    limit things to "like 8k", but it's worth playing around with.

    See: http://www.cisco.com/en/US/products...figuration_guide_chapter09186a00802091be.html

    Aaron
    Aaron Leonard, Mar 30, 2006
    #2

  3. Wil

    Merv Guest


    > ~ I have an access-point, 1230, that I would like to give full access to
    > ~ port 80 and 443, but limit everything else to like 8k


    Assuming you have a switch upstream for the AP, you could see if it is
    capable of policing outbound traffic to the AP. Keep in mind the
    actual throughput that you are likely to get on the wireless link, so
    might need to throttle it way back ...
    Merv, Mar 31, 2006
    #3
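
Added example, not part of any post in this thread: one way to express the upstream policing suggested in post #3, assuming an IOS router with MQC support feeds the AP. The interface, ACL, class and policy names are hypothetical, and "8k" is read here as 8000 bits per second.

```cisco
! Constructed example. Assumes an IOS router (not the AP itself) sits
! upstream of the Aironet 1230. All names below are hypothetical.
!
! Identify web traffic in both directions (to and from ports 80/443).
ip access-list extended WEB-TRAFFIC
 permit tcp any any eq 80
 permit tcp any any eq 443
 permit tcp any eq 80 any
 permit tcp any eq 443 any
!
! Match everything that is NOT web traffic.
class-map match-all NON-WEB
 match not access-group name WEB-TRAFFIC
!
! Police only the non-web class; web traffic falls into class-default
! and is forwarded without a policer.
policy-map AP-POLICE
 class NON-WEB
  police 8000 1500 conform-action transmit exceed-action drop
!
! Apply toward the AP (downloads) and from the AP (uploads).
interface FastEthernet0/1
 description Link to Aironet 1230
 service-policy output AP-POLICE
 service-policy input AP-POLICE
```

The policer is an aggregate for the whole class, so the 8000 bps is shared by every wireless client rather than applied per client, and P2P software that runs over port 80 or 443 is not caught by a port-based match. `show policy-map interface FastEthernet0/1` shows the conform and exceed counters for checking that the class is matching.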
  4. Wil

    Merv Guest

    Another thing to do is to ensure that no unnecessary traffic (i.e read
    broadcast / multicasts) get transmitted on the wireless link

    .. so unless you have Cisco wireless IP phones, disable CDP
    .. make sure routing updates are not being broadcast ...
    .. turn on "ip accounting mac-address output" on the radio interface
    .. enable client ARP caching on the AP so the AP responds to ARP requests
       on behalf of the client, thereby keeping unnecessary ARP traffic off
       the wireless link: "dot11 arp-cache optional"
    Merv, Mar 31, 2006
    #4
  5. Wil

    Wil Guest

    Unfortunately this is not robust enough, it's almost unbelievable that
    there are no provisions for this... Maybe I should set the antenna to
    negotiate at only 1meg :)

    The problem that I'm having is that we are providing "free" access, one
    of the sites is a P2P fan that seems to be ruining it for the rest...

    Bastids

    -Wil

    Aaron Leonard wrote:
    > ~ I have an access-point, 1230, that I would like to give full access to
    > ~ port 80 and 443, but limit everything else to like 8k
    > ~
    > ~ Or, I could get around this by limiting all wireless connections to
    > ~ about 500k each.
    > ~
    > ~ -Wil
    >
    > The AP provides no policing/shaping support. You can however apply
    > wireless QoS policies. This may not give you the granularity to
    > limit things to "like 8k", but it's worth playing around with.
    >
    > See: http://www.cisco.com/en/US/products...figuration_guide_chapter09186a00802091be.html
    >
    > Aaron
    Wil, Mar 31, 2006
    #5
  6. Wil

    Wil Guest

    Unmanaged switches :|

    Merv wrote:
    >> ~ I have an access-point, 1230, that I would like to give full access to
    >> ~ port 80 and 443, but limit everything else to like 8k

    >
    > Assuming you have a switch upstream for the AP, you could see if it is
    > capable of policing outbound traffic to the AP. Keep in mind the
    > actual throughput that you are likely to get on the wireless link, so
    > might need to throttle it way back ...
    >
    Wil, Mar 31, 2006
    #6
  7. Wil

    Merv Guest

    You can always block the MAC address of the P2P user ;-))
    Merv, Mar 31, 2006
    #7
  8. Wil

    Wil Guest

    This is true, it would be much more polite to make the P2P application slow
    enough to be considered unusable

    Merv wrote:
    > You can always block the MAC address of the P2P user ;-))
    >
    Wil, Mar 31, 2006
    #8
  9. Wil

    Merv Guest

    Establish an acceptable use policy, communicate it to all those involved
    and then enforce it
    Merv, Mar 31, 2006
    #9
  10. Wil

    Wil Guest

    I do agree with you!

    The problem is that this is public access. Many people come in and use
    "free" wireless at a community center. If we were to take this approach
    we would have to wait for a complaint, drop everything for about 10
    minutes, find the source and then block the source.

    I suppose I could prioritize web traffic, wouldn't actually "fix" the
    issue at hand but it may help to mask it a bit.

    Merv wrote:
    > Establish an acceptable use policy, communicate it to all those involved
    > and then enforce it
    >
    Wil, Mar 31, 2006
    #10
  11. Wil

    Merv Guest

    ..> Many people come in and use "free" wireless at a community center.

    Ahhhhhhh ...

    Well since it is not a paid for service and if you are getting
    complaints, then I would give serious consideration to blocking all P2P
    ports

    You could also inquire of your ISP whether they can traffic police P2P
    traffic for you.
    Merv, Mar 31, 2006
    #11
  12. Wil

    Eric Guest

    Here is a link to some software that may do what you are looking for.
    It is designed for free hotspots and is open source. Lots of
    configuration options and may solve your problem.

    http://www.publicip.net/
    Eric, Apr 3, 2006
    #12
