Hi I need some help rate limiting my guest network and I'm not quite not understanding.

  • 1
  • Question
  • Updated 3 years ago
Hi I need some help rate limiting my guest network and I'm not quite not understanding. I would like to cutdown our guest network data rates to atleast half our bandwidth because currentlly they're using the same as my internal network and I'd like to eliminate that.
Photo of Arison Mercado

Arison Mercado

  • 113 Posts
  • 8 Reply Likes

Posted 3 years ago

  • 1
Photo of Roberto Casula

Roberto Casula, Champ

  • 231 Posts
  • 111 Reply Likes
First of all, what you should NOT do is limit the 802.11 data rates for the guest SSID as this will just cause more airtime to be used by guest traffic.

You have a couple of options. Rate-limiting on a per-user basis is certainly possible through the Rate Control and Queing Policy settings in the user profile object. You could for example rate-limit each guest user to 2Mbps.

You can also have an AP rate-limit at the level of the whole user profile rather than on a per-user basis by specifying the Policing Rate Limit inside the user profile object.

You could also do things in reverse and instead of limiting the guests, prioritise your non-guests by using Dynamic Airtime Scheduling with SLAs for your non-guest users to give them a better level of service.

What is more problematic is if you want to do AGGREGATE rate limiting, i.e. limit the total of guest traffic across ALL APs to, say, 10Mbps. There's no way to do this within the Aerohive system because each AP can only control the traffic passing through it. If you want to rate limit on the aggregated guest traffic across all your APs you need to do this upstream, for example on your firewall.
Photo of Arison Mercado

Arison Mercado

  • 113 Posts
  • 8 Reply Likes
Well put, I' look into my Sonicwall firewall then thanks.
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
It sounds like the concern here is to ensure that the guest traffic has lower priority than everything else.

Why do you want to limit the bandwidth?
Photo of Arison Mercado

Arison Mercado

  • 113 Posts
  • 8 Reply Likes
Hi Nick,

The reason for this is because we're currently running PARCC (state testing) on our entire School district. This involves roughly 1,800 students simultaneously using up our bandwidth with this testing software that communicates to our caching server as well as Pearson online. And to avoid any slow activity I wanted to lower down the bandwidth for our guest network so that it doesn't impact our students speeds.
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
You're much better off using application and user aware QoS rather than using static limits though.
(Edited)
Photo of Arison Mercado

Arison Mercado

  • 113 Posts
  • 8 Reply Likes
Can you please elaborate? Could this be done on the hivemanager?
Photo of Roberto Casula

Roberto Casula, Champ

  • 231 Posts
  • 111 Reply Likes
Nick is referring to a more granular approach where you prioritise different classes of traffic (by service or application) for different users instead of or as well as hard rate limiting the traffic.

To achieve this, you create a firewall policy associated with the user profiles to classify different services and applications into one of the eight available classes of service and then optionally configure your QoS rate-limiting and queuing policy to prioritise and optionally rate-limit on a per-class-of-service basis.

This is all done within HiveManager, but again, if your concern is over the bandwidth utilisation of your Internet connection for example, then the correct place to do this is at the aggregation point (i.e. your firewall). You could do this in both places for example do prioritisation of traffic within Aerohive (to give different services/applications different classes of service within the Aerohive system) and then do rate-limiting (again possibly on a class-of-service basis) on your firewall to limit your aggregated bandwidth usage on your Internet connection.

It depends how much work you want to put into it and exactly what experience you want to give to the users.