© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 23 of 70
policy-map guest-ssid
 class class-default
  shape average percent 20
For the voice and video class-maps on the enterprise SSID, the policer enforces the aggregate unicast traffic at the
BSSID level. The class default is configured to provide a minimum bandwidth allocation to the enterprise SSID,
which can use additional unused bandwidth in the absence of congestion.
The class default on the guest SSID, however, is shaped to 20 percent of the available bandwidth irrespective of
bandwidth utilization and congestion.
Client
Client policies can be applied in both upstream and downstream directions. Client policies are user configurable
and can be applied under the WLAN configuration mode. When applied in WLAN configuration mode, all clients
under the SSID receive the same policy, but the policy is enforced on a per-user basis using microflow
policing.
The client-level policy can also be applied from the AAA server. The policy is defined locally on the switch, and the
name of the policy is downloaded from the AAA server at the time of client authorization. With the help of
downloadable policies, any differentiated policy can be applied for clients or client groups.
After the client policy is associated with a client, the client policy can be looked up using the client MAC address.
The following is the output of a client policy-map applied in the egress (downstream) direction:
Switch#sh policy-map interface wireless client mac b065.bdbf.77a3
Client B065.BDBF.77A3 iifid: 0x1047D4000000011.0xD7E4C000000076.0xDD94000000028D.0xFCEBC000000373
  Service-policy output: egress-client
    Class-map: class-default (match-any)
      Match: any
      police:
        cir 500000 bps, bc 15625 bytes
        conformed 404432 bytes; actions:
          transmit
        exceeded 0 bytes; actions:
          drop
        conformed 0000 bps, exceed 0000 bps
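The following Python is an added example, not part of the Cisco document: it parses the per-client output shown above, derives the burst interval implied by the cir and bc values (the standard token-bucket relation Tc = Bc / CIR), and lists clients whose policer is dropping traffic. The second client record, the function names, and the 5 percent threshold are constructed for illustration.

```python
import re
# Client 1 is the output shown above; client 2 is constructed (documentation MAC).
SAMPLE = """\
Client B065.BDBF.77A3 iifid: 0x1047D4000000011.0xD7E4C000000076.0xDD94000000028D.0xFCEBC000000373
  Service-policy output: egress-client
    Class-map: class-default (match-any)
      Match: any
      police:
        cir 500000 bps, bc 15625 bytes
        conformed 404432 bytes; actions:
          transmit
        exceeded 0 bytes; actions:
          drop
        conformed 0000 bps, exceed 0000 bps
Client 0000.5E00.5301 iifid: 0x0
        cir 500000 bps, bc 15625 bytes
        conformed 900000 bytes; actions:
        exceeded 100000 bytes; actions:
"""

CLIENT = re.compile(r"^Client\s+(\S+)", re.M)
FIELDS = {  # byte counters only; the trailing "bps" rate line is not matched
    "cir_bps": r"cir\s+(\d+)\s+bps",
    "bc_bytes": r"bc\s+(\d+)\s+bytes",
    "conformed": r"conformed\s+(\d+)\s+bytes",
    "exceeded": r"exceeded\s+(\d+)\s+bytes",
}

def parse_client_policers(text):
    """Return one record per client (first police block only)."""
    parts = CLIENT.split(text)[1:]  # [mac, body, mac, body, ...]
    records = []
    for mac, body in zip(parts[0::2], parts[1::2]):
        rec = {"mac": mac.lower()}
        for name, pattern in FIELDS.items():
            m = re.search(pattern, body)
            rec[name] = int(m.group(1)) if m else None
        if None in rec.values():
            continue  # no complete police block for this client
        # Burst interval implied by the token bucket: Tc = Bc * 8 / CIR
        rec["tc_ms"] = rec["bc_bytes"] * 8 * 1000 / rec["cir_bps"]
        total = rec["conformed"] + rec["exceeded"]
        rec["drop_ratio"] = rec["exceeded"] / total if total else 0.0
        records.append(rec)
    return records

def clients_over(records, ratio=0.05):
    """MACs whose policer dropped more than `ratio` of offered bytes (assumed threshold)."""
    return [r["mac"] for r in records if r["drop_ratio"] > ratio]
```

For the policer shown above, a bc of 15625 bytes at a cir of 500000 bps works out to a 250 ms burst interval.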
Flexible NetFlow
Flexible NetFlow (FnF) is an integral part of Cisco IOS Software that collects and measures data, allowing all
routers or switches in the network to become a source of telemetry and a monitoring device. FnF allows extremely
granular and accurate traffic measurements and high-level aggregated traffic collection. FnF provides real-time
network monitoring, security incident detection, and classification of network traffic flows.