Captive Portal Bandwidth issue

bishoptf

@Gertjan said in Captive Portal Bandwidth issue:

@bishoptf
Well, if you have nothing that limits the speed, two factors still exist : the radio speed and the cable speed.
The AP can be tested easily : instead of using Wifi, use a cable connection.
Btw : speed is determined by the AP and the client radio of couse.

There are already limiters for each device connected to the portal : Diagnostics > Limiter Info

@bishoptf said in Captive Portal Bandwidth issue:

I do have a lot of mac addresses listed

Actively connected devices ? Wouldn't that influence the speed also ?

No active users, I have multiple SSID's and when not using the captive portal I get what I expected close to 300mbps, only when I am using the captive portal am I seeing the low speeds, actually appears like its being limited. I should easily see 100mbps but I did not have my dongle for wired so I was unable to test that but my guess it will be the same. No just have a lot of mac addresses approved, active users were low to none except me testing.

Gertjan

@bishoptf

I connected my desktop PC directly to my main switch which is connected to the captive portal.

I had to login, of course.

Initially, I was somewhat surprised. Then I looked at my switch : a very old 100 Mbit switch

There were other hotel clients connected at that moment, so I guess the speed is maxing out for me.

Btw : something else : I'm using 24.03 on a 4100, not 2.7.2, although I think doesn't create any difference.

bishoptf

@Gertjan said in Captive Portal Bandwidth issue:

@bishoptf

I connected my desktop PC directly to my main switch which is connected to the captive portal.

I had to login, of course.

Initially, I was somewhat surprised. Then I looked at my switch : a very old 100 Mbit switch

There were other hotel clients connected at that moment, so I guess the speed is maxing out for me.

Btw : something else : I'm using 24.03 on a 4100, not 2.7.2, although I think doesn't create any difference.

Yeah im running CE on custom hardware althought the CPU etc is not an issue. My internet connection is 600mbps and I can do wire speed, my only issue is the captive portal interface. Its almost acting like I do have per user bandwidth selected when I do not. Something is limiting the bandwidth but right now I have no idea...:)

bishoptf

I have thought about deleting the interface and creating a new one, not sure if that will dump the mac address database or not but wondering if starting fresh with that interface would make a difference. The other thing I thought about was to disable captive portal on the interface and see if that makes any difference...so more testing, not sure what I am going to do if I drop captive portal and the speed is fine since I am not sure what is broken in it.

Thanks for the suggestions.

Gertjan

@bishoptf said in Captive Portal Bandwidth issue:

I have thought about deleting the interface and creating a new one, not sure if that will dump the mac address database or not but wondering if starting fresh with that interface would make a difference.

I can't see why that would be needed.
A portal interface is like any other interface.
Just de activated the portal on that interface, and you'll find the "1 Gbits/sec" if that is the speed of your interface.

Be aware : I presume a "real" interface; not some realtek or worse, a USB NIC, as these are plain horrible.

bishoptf

@Gertjan said in Captive Portal Bandwidth issue:

@bishoptf said in Captive Portal Bandwidth issue:

I have thought about deleting the interface and creating a new one, not sure if that will dump the mac address database or not but wondering if starting fresh with that interface would make a difference.

I can't see why that would be needed.
A portal interface is like any other interface.
Just de activated the portal on that interface, and you'll find the "1 Gbits/sec" if that is the speed of your interface.

Be aware : I presume a "real" interface; not some realtek or worse, a USB NIC, as these are plain horrible.

Not a realtek interface its a 1gb multiple port Intel card although I am trunking multiple vlans using one interface, dot1q and the other dot1q interface is fine, its just the captive portal interface that I am seeing the issue with. I understand the issue with realtek but I have had issues with intel's also, so theres that.

Gertjan

@bishoptf said in Captive Portal Bandwidth issue:

I understand the issue with realtek but I have had issues with intel's also, so theres that.

I know, even Intel can fail. The contrat would surprise me. Had to mention these type of interfaces, as it's not uncommon to find out after days of debugging that it was a USB NIC that only works well on paper.

bishoptf

@Gertjan said in Captive Portal Bandwidth issue:

@bishoptf said in Captive Portal Bandwidth issue:

I understand the issue with realtek but I have had issues with intel's also, so theres that.

I know, even Intel can fail. The contrat would surprise me. Had to mention these type of interfaces, as it's not uncommon to find out after days of debugging that it was a USB NIC that only works well on paper.

Understand, been doing this for a long time and I have seen plenty of interface card issues, I do not believe that to be the issue since the other interface that is trunked but not behind captive portal sees no issue. Im scratching my head since I just do not know what the issue is and where to look etc... :)

Gertjan

@bishoptf

Remove all possible 'source of problems' : reserve a NIC for the the portal without any VLAN stuff.

bishoptf

@Gertjan said in Captive Portal Bandwidth issue:

@bishoptf

Remove all possible 'source of problems' : reserve a NIC for the the portal without any VLAN stuff.

I wish I could but I do not have the luxury no more ports to be had EXCEPT for a realtek interface....I'd rather not do that...my current plan is to disable the captive portal on the interface and test and see what that does, if I get normal speeds then something in captive portal is bodged up or my configuration which is drop dead simple but thats my current plan.

bishoptf

Had someone on location that could do some testing, turning off captive portal returned the performance compared to the other interfaces so it's something going on with captive portal portion. Any suggestions on where to look?

Gertjan

@bishoptf
Not yet.
This afternoon (GMT) I'll hook up my PC directly to the captive portal interface without the limiting 100 Mbit switch.

I should see :

as that's my LAN/WAN/whatever 'physical' limit.

Keep in mind that the captive portal is not 'some code' or special 'interface mode'.
It's just two or three 'pf' firewall rules, the same rules that are used on your LAN and other interfaces.
You can see them here : take a look at /tmp/rules.debug

bishoptf

@Gertjan said in Captive Portal Bandwidth issue:

@bishoptf
Not yet.
This afternoon (GMT) I'll hook up my PC directly to the captive portal interface without the limiting 100 Mbit switch.

I should see :

as that's my LAN/WAN/whatever 'physical' limit.

Keep in mind that the captive portal is not 'some code' or special 'interface mode'.
It's just two or three 'pf' firewall rules, the same rules that are used on your LAN and other interfaces.
You can see them here : take a look at /tmp/rules.debug

Yea, understand all I know is if I turn Captive portal OFF I get wire speeds or what I expect, if I turn Captive portal ON I get 30mbps or there abouts. I have nothing enabled from a bandwidth restriction. I've toggled the per user bandwidth on and off and even tried to set a number and still get the same speed. It's no longer working for me and not sure what or how its broke.

Thinking of backing up the portal configuration and restoring the captive portal configuration to a new zone since I am not sure what else to try.

bishoptf

I just checked the xml and counted how many MAC addresses I have and its 1367. Not sure if that is an issue but the other thing I notice is that when I make edit the captive portal and I go to save it takes forever to save etc. Contemplating just getting rid of Captive Portal altogether since all it does is displays terms and conditions.

Gertjan

@bishoptf said in Captive Portal Bandwidth issue:

I just checked the xml and counted how many MAC addresses I have and its 1367

??? And now you tell this ?
Check Diagnostics > Limiter Info page : you have 2x1367 pipes and 2x1367 schedulers ?
No need to check the xml config file manually, you can see them on the portal's "MACs" page.

Yeah, that can/could explain the/a difference.

See one thread lower, see/click here, where I added 500 randomly generated MAC into the portal's "MACs" page.
That didn't make any difference - in speed - for me.

Still, strange, a captive portal is by nature non-trusted network, and people have to do some work to join the portal = they have to login. And when they are thrown off, because of a time out for example, they have to login again. That's the price they have to pay for a free internet access.
Adding all those macs of these devices means you have a lot of devices that have access "all the time" on your portal so they are not really strangers or unknown people. Administrating them like this, on a portal, is a pain.

bishoptf

@Gertjan said in Captive Portal Bandwidth issue:

@bishoptf said in Captive Portal Bandwidth issue:

I just checked the xml and counted how many MAC addresses I have and its 1367

??? And now you tell this ?
Check Diagnostics > Limiter Info page : you have 2x1367 pipes and 2x1367 schedulers ?
No need to check the xml config file manually, you can see them on the portal's "MACs" page.

Yeah, that can/could explain the/a difference.

See one thread lower, here, where I added 500 randomly generated MAC into the portal's "MACs" page.
That did't make any difference for me.

Still, strange. A captive portal is by non trusted network, and people have to do some work to join the portal = login.
Adding all those macs of these devices means you have a lot of devices that have access "all the time" on your portal so they are not really strangers or unknown people. Administrating them like this, on a portal, is a pain.

Yeah its not really managing them, its a church and the click through is once for terms and conditions and then we record the mac address and from then on they are automatically authenticated. I was trying to avoid having them have to have a click through for each time they are connecting to hotspot. Trying to figure out how to do the terms and conditions another way, where its easy etc. I do not see a high CPU load but obviously its not working.

Gertjan

@bishoptf said in Captive Portal Bandwidth issue:

for terms and conditions and then we record the mac address and from then on they are automatically authenticated

.... and the next time they drop by, their device, as they all do these days, generates a new random MAC address ... which will get stored also in portal.
Steady but slowly your portal will be brought to its knees because the MAC list will grow, and grow ....

It s a church, right ? people don't stay for hours, what about the plain and easy, and no hassle and no maintenance, classic login, maybe without a password, just an OK button.

bishoptf

@Gertjan said in Captive Portal Bandwidth issue:

@bishoptf said in Captive Portal Bandwidth issue:

for terms and conditions and then we record the mac address and from then on they are automatically authenticated

.... and the next time they drop by, their device, as they all do these days, generates a new random MAC address ... which will get stored also in portal.
Steady but slowly your portal will be brought to its knees because the MAC list will grow, and grow ....

It s a church, right ? people don't stay for hours, what about the plain and easy, and no hassle and no maintenance, classic login, maybe without a password, just an OK button.

Not sure I understand why it should matter, why if I am not using limiters would it cause a performance issue. I think its a bug myself since I do not think just having mac addresses should be causing a performance issue. I do not have a password, the only difference is I record the mac address today so they only have to do it once. I know on my phone i've never been prompted again.

Gertjan

@bishoptf

I connected my desktop PC to my main captive portal switch, this time it was 1 Gbit/sec switch.

I logged in, I'm using radius to login in, I guess that doesn't matter, there are no user or speed restrictions that I know of.

which is my ISP speed right now.

bishoptf

@Gertjan said in Captive Portal Bandwidth issue:

@bishoptf

I connected my desktop PC to my main captive portal switch, this time it was 1 Gbit/sec switch.

I logged in, I'm using radius to login in, I guess that doesn't matter, there are no user or speed restrictions that I know of.

which is my ISP speed right now.

Understand that its working for you but I am not using radius and not sure if that changes the behavior but it's not wiorking for me, or reduced bandwidth/performance issues. I am going to recreate the zone etc and do more testing and see if I can figure it out...