I have an access-point, 1230, that I would like to give full access to port 80 and 443, but limit everything else to like 8k
Or, I could get around this by limiting all wireless connections to about 500k each.
-Wil
~ I have an access-point, 1230, that I would like to give full access to ~ port 80 and 443, but limit everything else to like 8k ~ ~ Or, I could get around this by limiting all wireless connections to ~ about 500k each. ~ ~ -Wil
The AP provides no policing/shaping support. You can however apply wireless QoS policies. This may not give you the granularity to limit things to "like 8k", but it's worth playing around with.
See:
Assuming you have a switch upstream for the AP, you could see if it is capable of policing outbound traffic to the AP. Keep in mind the actual throuput that you are likely to get on the wireless link, so might need to throttle it way back ...
Another thing to do is to ensure that no unnecessary traffic (i.e read broadcast / multicasts) get transmitted on the wireless link
. so unless you have Cisco wirless IP phones, disable CDP . make sure routing updates are not being broadcast ... . turn on " ip accounting mac-address output" on the radio interface . enable client arp caching on the AP so the AP respond to ARP requests on behalf of the client thereby keeping unnecessary ARP traffic off the wirless link "dot11 arp-cache optional"
Unfortunately this is not robust enough, it's almost unbelievable that there are no provisions for this... Maybe I should set the antenna to negotiate at only 1meg :)
The problem that I'm having is that we are providing "free" access, one of the sites is a P2P fan that seems to be ruining it for the rest...
Bastids
-Wil
Aar> ~ I have an access-point, 1230, that I would like to give full access to
You can always block the MAC address of the P2P user ;-))
Estalish an acceptable use policy, communicate it to all those involved and then enforce it
I do agree with you!
The problem is that this is public access. Many people come in and use "free" wireless at a community center. If we were to take this approach we would have to wait for a complaint, drop everything for about 10 minutes, find the source and then block the source.
I suppose I could prioritize web traffic, wouldn't actually "fix" the issue at hand but it may help to mask it a bit.
Merv wrote:
.> Many people come in and use "free" wireless at a community center.
Ahhhhhhh ...
Well since it is not a paid for service and if you are getting complaints, then I would give serious consideration to blocking all P2P ports
You could also inquire of your ISP whether they can traffic police P2P traffic for you.
Here is a link to some software that may do what you are looking for. It is designed for free hotspots and is open source. Lots of configuration options and may solve your problem.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.