A lot of users?
-
This post is deleted! -
Yup 'Client Isolation' should be handled in the Access Point(s).
You might also try dynamic limiters in pfSense to share the available bandwidth between connected users.
-
@josephchrzempiec This might be a violation of your ISPs terms of service. Check out that before you do anything.
-
@JKnott I'm not violating anything with my ISP. I have a Business class setup to do with whatever I like. Also I called my ISP and told them the story as long as I'm not reselling and profiting my bandwidth which I'm not i'm allow to give it away at no cost which I'm. and Also I went to my local branch ISP and talked to two management teams and they said it is prefectly fine. And any problems let them know. They even gave me pointers on how to be successful with this.
I'm all set on this subject.
-
@stephenw10 Is there some examples or some steps I can do for this to be limiting between users?
-
@Gertjan said in A lot of users?:
Most 'serious' access points can handle bandwidth limiting for every wifi user, >and, bonus, handle the client isolation for you, something the router you use, >pfSense in this case, can't do.
My access points can not do limiting for each user. It will have to be on the pfsense side to do this.
-
I don't think we have a specific example doc but this covers it: https://www.provya.com/blog/pfsense-limit-maximum-bandwidth-per-users-with-limiters/
-
@stephenw10 said in A lot of users?:
https://www.provya.com/blog/pfsense-limit-maximum-bandwidth-per-users-with-limiters/
Thank you I'm looking at it. The problem I have is the download speed is more then enough. Only thing I worry about if more and more people get on it that enough people wouldn't have enugh bandwidth to do anything.
upload speed is the same problem.
-
Exactly, so you set the total bandwidth at, say, 500Mbps and it assigns pipes dynamically depending on how many source/destination IPs are connected. I.e. Only one connected user would get 500Mbps but with 10 connected each would get 50Mbps.
Now that can still be an issue if you have 500 connected IPs!
But it prevents one user just sucking all the bandwidth. -
@stephenw10 Got you Thank you. Now i have to figure the whole not letting users see the router and each other. The bandwidth part I think figured it out.
-
Users don't see each other > 'client isolation' in the APs.
Users don't see the firewall > firewall rules in pfSense.
-
@stephenw10 Theses Ap are cheap chineses AP. they can see each other and no option to stop that as the firmware is limited. that is why they are cheap chinese AP.
As far as the not seeing the router I will look into that. Thank you.
-
Hmm, I would double check that. It might be renamed something by their firmware but I've never seen an AP that didn't have that option. It's a low level hardware setting that is present in everything.
Or you might be able to flash them with a 3rd party firmware that does expose it like OpenWRT.
-
@stephenw10 to be honest I'm not sure I will look through it again and look at the manual that was given as well.
-
What APs are they specifically?
-
@stephenw10 I didn’t buy them. They was giving to me by a friend of mine. They look like they have custom firmware on them. I looked them up and found them on made in china website. link text
-
So actually Comfast CF-EW71 devices?
Looks like they have some central management. Do you have that?
If those are v2 hardware it looks like OpenWRT recently added support.
-
May I suggest a Mikrotik AP device!
