Cisco 5500 Series Wireless Controllers

Introduction

This document provides information on how to set up the Bi-Directional Rate Limiting (BDRL) feature introduced in release 7.3. In addition, this document provides information on how to configure rate limiting globally, per WLAN or per client, and shows how these settings apply to traffic in each configuration and how one setting supercedes the other in different configuration settings.

Examples provided in this document demonstrate how traffic gets impacted with different rate limiting settings when chosen globally, per SSID or per client when performing different configuration settings. For the purposes of demonstrating the functionality of the Bi-Directional Rate Limiting, the examples in this document show Access Point (AP) configurations in Local Mode or Flex Connect Central switched mode, and also Flex Connect in a Locally switched mode. It is recommended to obtain some sort of traffic generator to see the results of the rate limiting setups. In this document, iPerf is used as an example of a traffic generator.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

• Wireless LAN Controller 7.3 Software

• WLCs 5500 Series, 7500/8500 Series, and WiSM-2

• 1040, 1140, 1250, 1260, 2600, 3500, 3600 APs

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Overview

This section describes BDRL of the 7.3 release. In releases 7.2 and earlier, there is only the ability to limit the downstream throughput across an SSID and per user on the Global interface. With this new feature in the 7.3 release, rate limits can be defined on both upstream and downstream traffic, as well as on a per WLAN basis. These rate limits are individually configured. The rate limits can be configured on WLAN directly instead of QoS profiles, which will override profile values.

This new feature adds the ability to define throughput limits for users on their wireless networks with a higher granularity. This ability allows setting a priority service to a particular set of clients. A potential use case for this is in hotspot situations (coffee shops, airports, etc) where a company can offer a free low-throughput service to everyone, and charge users for a high-throughput service.

Note: The enforcement of the rate limits are done on both the controller and AP.

• Rate limiting is supported for APs in Local and FlexConnect mode (both Central and Local switching).

• When the controller is connected and central switching is used the controller will handle the downstream enforcement of per-client rate limit only.

• The AP will always handle the enforcement of the upstream traffic and per-SSID rate limit for downstream traffic.

• For the locally switched environment, both upstream and downstream rate limits will be enforced on the AP. The enforcement on the AP will take place in the dot11 driver. This is where the current classification exists.

• In both directions, per-client rate limit is applied/checked first and per-SSID rate limit is applied/checked second.

• The WLAN rate limiting will always supercede the Global QoS setting for WLAN and user.

• Rate limiting only works for TCP and UDP traffic. Other types of traffic (IPSec, GRE, ICMP, CAPWAP, etc) cannot be limited.

• Only policing is implemented in the 7.3 releases.

• No coloring or traffic shaping is done in phase 1.

In releases before 7.3, there is an option to select the downstream rate limit thought the QoS profile page. In the 7.3 release this capability is expanded, which gives users that already make use of QoS profiles functionality additional granularity and capabilities. The trade off with configuring the rate limits under the QoS profile is that there are only four QoS profiles available. Thus, there are only four sets of configuration options to use.

Also, because the QoS profile is applied to all clients on the associated SSID, all clients connected to the same SSID will have the same rate limited parameters.

BDRL is supported on these APs: 1040, 1140, 1250, 1260, 2600, 3500, 3600. All legacy AP platforms (1130, 1240, etc.) and mesh platforms (1520, 1550) do not support this feature.

These controllers support Rate Limiting: 5508, WiSM-2, 7500 and 8500.

WLC, NCS and MSE Beta Release Notes

The 7.3 Release Notes contain important information about this release. Refer to the latest release notes before loading and testing software.

WLC configuration for Bi-directional Rate Limiting – Central Switching

This section provides a sample topology, basic Switch Integration, for BDRL in Central Switching Mode configuration.

Rate limiting parameters on the WLC are configured either using the GUI or the CLI. Configuration is done by selecting the QoS profile and configuring the various rate limiting parameters. Configuration is done by selecting the QoS profile and configuring the various rate limiting parameters. When rate limiting parameters are set to “0”, the rate limiting feature is not functional. Each WLAN has a QoS profile associated with it in addition to the configuration in the QoS profile. The WLAN configuration always overrides and supercedes the parameters configured in the QoS profile.

1. Configure or verify that the AP on the controller is configured as Flex Connect AP in a Centrally Switched mode, or in Local mode. Here is an example:

   

2. Configure the WLAN, for example “bdrl-pod1” on the controller, with desired security. This example shows security set to None in order to simplify the test:

   

   

   

3. Do not enable the WLAN at this point. This example is for Pod1:

   

4. Make sure the WLAN is configured for Central Switched mode under the Advanced tab and make sure Local Switching is not checked. Or, configure Local Switched mode.

   

5. Configure or verify that all Rate Limiting parameters are set to “0” for both per-user and per-SSID on the WLAN "bdrl-pod1". QoS is set to Gold, Platinum, Silver or Bronze. In this example, it is set to Silver.

   

6. Configure the QoS Silver profile on the controller with the desired Rate Limit. In this example, Rate Limit is configured to 2 Mbps for both Downstream and Upstream, and for WLAN and per-user.

   Note: Before the configuration, make sure 802.11a/b/g/n networks are disabled. After the configuration, enable them again. If networks are not disabled, the Rate Limiting configuration does not get saved.

   Note: Data Rate setting is for TCP/IP traffic, and Real-Time Rate is for UDP traffic testing.

   

7. Enable all networks. Also, enable the WLAN for the configuration to take effect.

8. In order to verify that Rate Limiting is configured properly, configure the Wireless Workstation with SSID as in example “bdrl-pod1” open authentication and connect to that WLAN.

9. When the system is connected to that WLAN, start a traffic generator (such as iPerf) and observe the rate limiting to 2 Mbps upstream and downstream.

10. The next configuration is to apply the Rate Limiting settings on the WLAN per-SSID. This example shows per-SSID Rate Limiting on the UpStream and DownStream is set to 3 Mbps.

    Note: As indicated before when setting BDRL in both directions, per-user rate limit is checked first and per-SSID rate limit is checked second. Both override the Global QoS settings.

    

    This configuration demonstrates that the setting on the “per-SSID” supercedes the QoS setting.

11. Start the traffic generator as in the previous examples in both directions. First Upstream, then observe the Rate Limiting of the traffic. You will notice that Rate Limiting of the per-SSID superceded the Global QoS profile setting of 2 Mbps.

12. In the next configuration perform the same setting. However, this time per-user rate limiting is configured to 1 Mbps. The per-user Rate Limiting supercedes the global QoS setting and per-SSID setting.

    

13. Start the traffic generator as in the previous examples in both directions. First Upstream, then observe the Rate Limiting of the traffic. You will notice that Rate Limiting of the per-user 1 Mbps setting supercedes that of per-SSID Rate Limiting of 3 Mbps, and the Global QoS profile setting of 2 Mbps.

WLC configuration for Bi-directional Rate Limiting – Local Switching

This section provides a sample topology, basic Switch Integration, and sample test cases for the BDRL in Local Switching Mode configuration.

Note: This topology is not an actual Lab topology. It is only presented for feature explanation.

When the AP enters standalone mode, the respective downstream policies and the upstream policies are installed on the AP. These policies are not permanent and will not be saved in the AP on reboot.

1. Configure or verify that the AP on the controller is configured as Flex Connect AP in a Locally Switched mode.

   

2. Configure again all the Rate Limiting parameters for the Locally Switched mode as you did for the Centrally Switched or Local mode of the AP. Then, observe the results.

3. Perform steps 2-13 from the previous section.

Rate Limiting CLI configurations

QoS Profile Configuration:

config qos [average-data-rate | average-realtime-rate | burst-data-rate | burst-realtime-rate] 
[bronze | gold | silver | platinum] [per-ssid | per-client] [downstream | upstream] limit

WLAN Override Configuration:

config wlan qosid override-rate-limit [average-data-rate | average-realtime-rate | burst-data-rate | 
burst-realtime-rate] [per-ssid | per-client] [downstream | upstream] limit

Similar show commands are also provided to display the QoS profile configuration and packet statistics.

(wlc)>show qos [bronze | gold | silver | platinum]
Description...................................... For Best Effort
Maximum Priority................................. besteffort
Unicast Default Priority......................... besteffort
Multicast Default Priority....................... besteffort
protocol......................................... none
Per-ssid Limits                                   Upstream            DownStream
Average Data Rate................................    0                     0         
Burst Data Rate..................................    0                     0            
Average Realtime Data Rate.................          0                     0   
Realtime Burst Data Rate......................       0                     0      
Per-client Limits                                Upstream            DownStream
Average Data Rate................................    0                     0
Burst Data Rate..................................    0                     0
Average Realtime Data Rate.................          0                     0
Realtime Burst Data Rate......................       0                     0

(wlc)> show wlan [wlan-id]
Quality of Service............................... Silver
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Enabled
Rate-limit Override                                           Enabled/Disabled
Per-ssid Limits                                     Upstream            DownStream
Average Data Rate................................      0                     0           
Burst Data Rate..................................      0                     0           
Average Realtime Data Rate.................            0                     0  
Realtime Burst Data Rate......................         0                     0           
Per-client Limits                                 Upstream            DownStream
Average Data Rate................................      0                     0           
Burst Data Rate..................................      0                     0           
Average Realtime Data Rate.................            0                     0         
Realtime Burst Data Rate......................         0                     0          
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled

(wlc)> show client details [mac-addr]
Client Statistics:
      Number of Data Bytes Received................... 160783
      Number of Realtime Bytes Received................... 160783
      Number of Data Bytes Sent....................... 23436
      Number of Realtime Bytes Sent....................... 23436
      Number of Data Packets Received................. 592
      Number of Realtime Packets Received................. 592
      Number of Data Packets Sent..................... 131
      Number of Realtime Packets Sent..................... 131
      Number of Interim-Update Sent.............. 0
      Number of EAP Id Request Msg Timeouts...... 0

Rate Limiting Central Switching – Sample CLI Configuration Cases

Rate limit applied per-SSID on downstream traffic configuration

This is to configure rate limit per-SSID on downstream traffic. The throughput is limited for all clients associated to that SSID as per configuration.

1. Disable both 802.11a and 802.11b radio using these commands:

   config 802.11a disable network
   config 802.11b disable network

2. Enter this command in order to define the average data rate in Kbps for TCP traffic per-SSID:

   config qos average-data-rate silver per-ssid downstream limit

3. Enter this command in order to define the burst data rate in Kbps for TCP traffic per-SSID:

   config qos average-data-rate silver per-ssid downstream limit

4. Define the average real-time rate in Kbps for UDP traffic per-SSID:

   config qos average-realtime-rate silver per-ssid downstream limit

5. Define the peak real-time rate in Kbps for UDP traffic per-SSID:

   config qos burst-realtime-rate silver per-ssid downstream limit

6. Map this QoS profile in WLAN using this command:

   config wlan qos wlan_id silver

7. Enable both 802.11 a and 802.11 b radios.

8. Check that the above values are configured correctly using these show commands:

   show qos silver 
   show wlan [wlan-id] 

9. Associate two or more clients to the above WLAN. Then, start sending TCP and UDP traffic from wired to wireless clients using a traffic generator (for example, LAN traffic tool or iPerf) more than the defined parameters above.

   For example, if average-data-rate = 1000 Kbps per SSID and burst data rate = 2000 Kbps per SSID, then all clients together share the bandwidth. Also, traffic of clients together should not exceed more than 1000 Kbps average per radio of AP.

10. Check client statistics using this show command:

    (wlc) show client details [mac-addr]
    Client Statistics:
          Number of Data Bytes Received................... 160783
          Number of Realtime Bytes Received................... 160783
          Number of Data Bytes Sent....................... 23436
          Number of Realtime Bytes Sent....................... 23436

11. Repeat the test case with other QoS profiles: bronze, gold and platinum.

Rate limit is applied on both per-SSID and per-client on downstream traffic configuration

This is to configure rate limit per-SSID and per-client on downstream traffic. Throughput is limited accordingly.

1. Disable both 802.11a and 802.11b radio using these commands:

   config 802.11a disable network
   config 802.11b disable network

2. Define the average data rate in Kbps for TCP traffic per-SSID and per-client:

   config qos average-data-rate silver per-ssid downstream limit 
   config qos average-data-rate silver per-client downstream limit

3. Define the burst data rate in Kbps for TCP traffic per-SSID and per-client:

   config qos average-data-rate silver per-ssid downstream limit 
   config qos average-data-rate silver per-client downstream limit

4. Define the average real-time rate in Kbps for UDP traffic per-SSID and per-client.

   config qos average-realtime-rate silver per-ssid downstream limit  
   config qos average-realtime-rate silver per-client downstream limit

5. Define the peak real-time rate in Kbps for UDP traffic per-SSID and per-client:

   config qos burst-realtime-rate silver per-ssid downstream limit  
   config qos burst-realtime-rate silver per-client downstream limit

6. Map this QoS profile in WLAN using this command:

   config wlan qos wlan_id silver

7. Enable both 802.11 a and 802.11 b radios.

8. Check that the above values are configured correctly using these show commands:

   show qos silver 
   show wlan [wlan-id]

9. Associate two or more clients to the above WLAN. Then, start sending TCP and UDP traffic from wired to wireless clients using a traffic generator (for example, LAN traffic tool or iPerf) more than the defined parameters above.

10. Check client statistics using this show command:

    (wlc) show client details [mac-addr]
    Client Statistics:
          Number of Data Bytes Received................... 160783
          Number of Realtime Bytes Received................... 160783
          Number of Data Bytes Sent....................... 23436
          Number of Realtime Bytes Sent....................... 23436

11. Repeat the test case with other QoS profiles: bronze, gold and platinum.

Rate limit applied per-SSID supercedes global QoS profile on downstream traffic configuration

The rate limit defined on WLAN per-SSID downstream overrides values defined under QoS profiles.

1. Configure rate limits for UDP and TCP traffic under QoS profile, for example, Silver.

2. Map this QoS profile in WLAN.

3. Configure different rate limit values on WLAN using these commands:

   config wlan override-rate-limit id average-data-rate  per-ssid downstream limit
   config wlan override-rate-limit id burst-data-rate  per-ssid downstream limit
   config wlan override-rate-limit id average-realtime-rate  per-ssid downstream limit
   config wlan override-rate-limit id burst-realtime-rate  per-ssid downstream limit

4. Associate different clients to WLAN, and start sending traffic from wired to wireless side.

5. Check if value configured on WLAN is overriden. Use these show commands to validate that the WLAN override is enabled.

   show wlan <id> config qos average-data-rate silver per-ssid downstream limit 
   config qos average-data-rate silver per-client downstream limit
   

Rate limit applied per-SSID on upstream traffic configuration

This is to verify that the rate limit is applied per-SSID on upstream traffic. The throughput is limited for all clients associated to that WLAN as per configuration.

1. Disable both 802.11a and 802.11b radio using these commands:

   config 802.11a disable network
   config 802.11b disable network

2. Define the rate in Kbps for TCP and UDP traffic per-SSID:

   config qos average-data-rate silver per-ssid upstream limit                                                                                            
   config qos average-data-rate silver per-ssid upstream limit 
   config qos average-realtime-rate silver per-ssid upstream limit  
   config qos burst-realtime-rate silver per-ssid upstream limit

3. Map this QoS profile in WLAN using this command:

   config wlanqoswlan_id silver

4. Enable both 802.11 a and 802.11 b radios.

5. Check that the above values are configured correctly using these show commands:

   show qos silver 
   show wlan [wlan-id]

6. Associate two or more clients to the above WLAN. Then, start sending TCP and UDP traffic from wireless to wired client using a traffic generator (for example, LAN traffic tool) more than the defined parameters above.

   For example, if average-data-rate = 1000 Kbps per SSID and burst data rate = 2000 Kbps per SSID, then all clients together share the bandwidth. Also, traffic of clients together should not exceed more than 1000 Kbps average per radio of AP.

7. Check client statistics using this show command:

   (wlc) show client details [mac-addr]

8. Optional: Repeat the test case with other QoS profiles: bronze, gold and platinum.

Rate limit applied per-client on upstream traffic configuration

This to verify that when rate-limit is applied per-client on upstream traffic, the throughput is limited for all clients associated to that WLAN as per configuration.

1. Disable both 802.11a and 802.11b radio using these commands:

   config 802.11a disable network
   config 802.11b disable network

2. Define the rate in Kbps for TCP and UDP traffic per-client:

   config qos average-data-rate silver per-client upstream limit                                                                                            
   config qos average-data-rate silver per-client upstream limit 
   config qos average-realtime-rate silver per-client upstream limit  
   config qos burst-realtime-rate silver per-client upstream limit

3. Map this QoS profile in WLAN using this command:

   config wlan qos wlan_id silver

4. Enable both 802.11 a and 802.11 b radios.

5. Check that the above values are configured correctly using these show commands:

   show qos silver 
   show wlan [wlan-id]

6. Associate two or more clients to the above WLAN. Then, start sending TCP and UDP traffic from wireless to wired client using a traffic generator (for example, LAN traffic tool) more than the defined parameters above.

   For example, if average-data-rate = 1000 Kbps per SSID and burst data rate = 2000 Kbps per SSID, then all clients together share the bandwidth, and traffic of clients together should not exceed more than 1000 Kbps average per radio of AP.

7. Check client statistics using this show command:

   (wlc) show client details [mac-addr]

8. Optional: Repeat the test case with other QoS profiles: bronze, gold and platinum.

Rate limit applied per-SSID and per-client together on upstream traffic configuration

This is to verify that when rate-limit is applied per-SSID and per-client on upstream traffic, the throughput is limited accordingly.

1. Disable both 802.11a and 802.11b radio using these commands:

   config 802.11a disable network
   config 802.11b disable network

2. Define the rate in Kbps for TCP and UDP traffic per-client and per-SSID:

   config qos average-data-rate silver per-client upstream limit                                                                                            
   config qos average-data-rate silver per-client upstream limit 
   config qos average-realtime-rate silver per-client upstream limit  
   config qos burst-realtime-rate silver per-client upstream limit                                                                                                    
   config qos average-data-rate silver per-ssid upstream limit                                                                                            
   config qos average-data-rate silver per-ssid upstream limit 
   config qos average-realtime-rate silver per-ssid upstream limit  
   config qos burst-realtime-rate silver per-ssid upstream limit

3. Map this QoS profile in WLAN using this command:

   config wlan qos wlan_id silver

4. Enable both 802.11 a and 802.11 b radios.

5. Check that the above values are configured correctly using these show commands:

   show qos silver
   show wlan [wlan-id]

6. Associate two or more STA to the above WLAN. Then, start sending TCP and UDP traffic from wireless to wired client using a traffic generator (for example, LAN traffic tool) more than the defined parameters above.

   For example, if average-data-rate = 5000 Kbps per SSID and average-data-rate = 1000 Kbps per client, then each of client is limited to 1000 Kbps. Also, all clients traffic together should not exceed more than 5000 Kbps average per radio of AP.

7. Check client statistics using this show command:

   (wlc) show client details [mac-addr]

8. Optional :Repeat the test case with other QoS profiles: bronze, gold and platinum.

Rate limit applied per-SSID supercedes global QoS profile on upstream traffic configuration

This is to verify rate limit defined on WLAN per-SSID upstream overrides values defined under QoS profiles.

1. Configure rate limits for UDP and TCP traffic under QoS profile, for example, Silver.

2. Map this QoS profile in WLAN.

3. Configure different rate limit values on WLAN using these commands:

   config wlan override-rate-limit id average-data-rate  per-ssid upstream limit
   config wlan override-rate-limit id burst-data-rate  per-ssid upstream limit
   config wlan override-rate-limit id average-realtime-rate  per-ssid upstream limit
   config wlan override-rate-limit id burst-realtime-rate  per-ssid upstream limit

4. Associate different clients to WLAN, and start sending traffic from wireless to wired side.

5. Check if the value configured on WLAN is overriden. Use this show command to validate that the WLAN override is enabled.

   show wlan<id>

Related Information

• Cisco 4400 Series Wireless LAN Controllers
• Cisco 2000 Series Wireless LAN Controllers
• Cisco Prime Network Control System Series Appliances
• Cisco 3300 Series Mobility Services Engine
• Cisco Aironet 3500 Series
• Technical Support & Documentation - Cisco Systems