You can very quickly do bandwidth limiting for a certain network or range of IP addresses.

Create an ACL for the traffic to do bandwidth limiting on. It is required to have a separate ACL as the QoS policy has to be applied to a specific ACL.

So, suppose the internal address range that needs to be limited is the network 192.168.1.0/24, then this would become:

access-list guest-wireless-bandwidth extended permit ip 192.168.1.0 255.255.255.0 anyaccess-list guest-wireless extended permit ip any 192.168.1.0 255.255.255.0

Next, set up the QoS policy:

class-map qosmatch access-list guest-wireless-bandwidth policy-map qosclass qos

Provide bandwidth limitations (in this case, it's set to 10Mbp  ...