Captive Portal Bandwidth issue
-
Hoping someone can shed some light as to what my issue may be. I have a small installation that has been running for some time and had some users having issues with our HotSpot. I assumed it was due to wireless coverage and upgraded stuff and assumed that would solve the issues but still had issues on HotSpot which is running captive portal. I had limiters fq_codel which I had set to 150mbps but I am only getting 30-50mbps. I removed the limiters from the Hotspot rule but see no difference in performace. Captive portal for me is just mac based and once they have accepted the terms it records mac and they are allowed through.
I upgraded from 2.7 to latest 2.7.2 and saw no difference, when using the same AP with no captive portal I can get wire speed, just when using the captive portal am I seeing the issue. I did some searching and see some old bugs but nothing really lately, if anyone has any suggestions on what could be the issue let me know, thanks.
-
@bishoptf said in Captive Portal Bandwidth issue:
I had limiters fq_codel which I had set to 150mbps
This exists :
-
@Gertjan thanks for the quick reply, I am not using that setting it is unchecked and currently I have the limiter no enabled and not even applied to the interface rules so it shouldnt be in play at all. I do have a lot of mac addresses listed, not sure how many but there are a bunch.
-
@bishoptf
Well, if you have nothing that limits the speed, two factors still exist : the radio speed and the cable speed.
The AP can be tested easily : instead of using Wifi, use a cable connection.
Btw : speed is determined by the AP and the client radio of couse.There are already limiters for each device connected to the portal : Diagnostics > Limiter Info
@bishoptf said in Captive Portal Bandwidth issue:
I do have a lot of mac addresses listed
Actively connected devices ? Wouldn't that influence the speed also ?
-
@Gertjan said in Captive Portal Bandwidth issue:
@bishoptf
Well, if you have nothing that limits the speed, two factors still exist : the radio speed and the cable speed.
The AP can be tested easily : instead of using Wifi, use a cable connection.
Btw : speed is determined by the AP and the client radio of couse.There are already limiters for each device connected to the portal : Diagnostics > Limiter Info
@bishoptf said in Captive Portal Bandwidth issue:
I do have a lot of mac addresses listed
Actively connected devices ? Wouldn't that influence the speed also ?
No active users, I have multiple SSID's and when not using the captive portal I get what I expected close to 300mbps, only when I am using the captive portal am I seeing the low speeds, actually appears like its being limited. I should easily see 100mbps but I did not have my dongle for wired so I was unable to test that but my guess it will be the same. No just have a lot of mac addresses approved, active users were low to none except me testing.
-
I connected my desktop PC directly to my main switch which is connected to the captive portal.
I had to login, of course.
Initially, I was somewhat surprised. Then I looked at my switch : a very old 100 Mbit switch
There were other hotel clients connected at that moment, so I guess the speed is maxing out for me.
Btw : something else : I'm using 24.03 on a 4100, not 2.7.2, although I think doesn't create any difference.
-
@Gertjan said in Captive Portal Bandwidth issue:
I connected my desktop PC directly to my main switch which is connected to the captive portal.
I had to login, of course.
Initially, I was somewhat surprised. Then I looked at my switch : a very old 100 Mbit switch
There were other hotel clients connected at that moment, so I guess the speed is maxing out for me.
Btw : something else : I'm using 24.03 on a 4100, not 2.7.2, although I think doesn't create any difference.
Yeah im running CE on custom hardware althought the CPU etc is not an issue. My internet connection is 600mbps and I can do wire speed, my only issue is the captive portal interface. Its almost acting like I do have per user bandwidth selected when I do not. Something is limiting the bandwidth but right now I have no idea...:)
-
I have thought about deleting the interface and creating a new one, not sure if that will dump the mac address database or not but wondering if starting fresh with that interface would make a difference. The other thing I thought about was to disable captive portal on the interface and see if that makes any difference...so more testing, not sure what I am going to do if I drop captive portal and the speed is fine since I am not sure what is broken in it.
Thanks for the suggestions.
-
@bishoptf said in Captive Portal Bandwidth issue:
I have thought about deleting the interface and creating a new one, not sure if that will dump the mac address database or not but wondering if starting fresh with that interface would make a difference.
I can't see why that would be needed.
A portal interface is like any other interface.
Just de activated the portal on that interface, and you'll find the "1 Gbits/sec" if that is the speed of your interface.Be aware : I presume a "real" interface; not some realtek or worse, a USB NIC, as these are plain horrible.
-
@Gertjan said in Captive Portal Bandwidth issue:
@bishoptf said in Captive Portal Bandwidth issue:
I have thought about deleting the interface and creating a new one, not sure if that will dump the mac address database or not but wondering if starting fresh with that interface would make a difference.
I can't see why that would be needed.
A portal interface is like any other interface.
Just de activated the portal on that interface, and you'll find the "1 Gbits/sec" if that is the speed of your interface.Be aware : I presume a "real" interface; not some realtek or worse, a USB NIC, as these are plain horrible.
Not a realtek interface its a 1gb multiple port Intel card although I am trunking multiple vlans using one interface, dot1q and the other dot1q interface is fine, its just the captive portal interface that I am seeing the issue with. I understand the issue with realtek but I have had issues with intel's also, so theres that.
-
@bishoptf said in Captive Portal Bandwidth issue:
I understand the issue with realtek but I have had issues with intel's also, so theres that.
I know, even Intel can fail. The contrat would surprise me. Had to mention these type of interfaces, as it's not uncommon to find out after days of debugging that it was a
USB NIC that only works well on paper. -
@Gertjan said in Captive Portal Bandwidth issue:
@bishoptf said in Captive Portal Bandwidth issue:
I understand the issue with realtek but I have had issues with intel's also, so theres that.
I know, even Intel can fail. The contrat would surprise me. Had to mention these type of interfaces, as it's not uncommon to find out after days of debugging that it was a
USB NIC that only works well on paper.Understand, been doing this for a long time and I have seen plenty of interface card issues, I do not believe that to be the issue since the other interface that is trunked but not behind captive portal sees no issue. Im scratching my head since I just do not know what the issue is and where to look etc... :)
-
Remove all possible 'source of problems' : reserve a NIC for the the portal without any VLAN stuff.
-
@Gertjan said in Captive Portal Bandwidth issue:
Remove all possible 'source of problems' : reserve a NIC for the the portal without any VLAN stuff.
I wish I could but I do not have the luxury no more ports to be had EXCEPT for a realtek interface....I'd rather not do that...my current plan is to disable the captive portal on the interface and test and see what that does, if I get normal speeds then something in captive portal is bodged up or my configuration which is drop dead simple but thats my current plan.
-
Had someone on location that could do some testing, turning off captive portal returned the performance compared to the other interfaces so it's something going on with captive portal portion. Any suggestions on where to look?
-
@bishoptf
Not yet.
This afternoon (GMT) I'll hook up my PC directly to the captive portal interface without the limiting 100 Mbit switch.I should see :
as that's my LAN/WAN/whatever 'physical' limit.
Keep in mind that the captive portal is not 'some code' or special 'interface mode'.
It's just two or three 'pf' firewall rules, the same rules that are used on your LAN and other interfaces.
You can see them here : take a look at /tmp/rules.debug -
@Gertjan said in Captive Portal Bandwidth issue:
@bishoptf
Not yet.
This afternoon (GMT) I'll hook up my PC directly to the captive portal interface without the limiting 100 Mbit switch.I should see :
as that's my LAN/WAN/whatever 'physical' limit.
Keep in mind that the captive portal is not 'some code' or special 'interface mode'.
It's just two or three 'pf' firewall rules, the same rules that are used on your LAN and other interfaces.
You can see them here : take a look at /tmp/rules.debugYea, understand all I know is if I turn Captive portal OFF I get wire speeds or what I expect, if I turn Captive portal ON I get 30mbps or there abouts. I have nothing enabled from a bandwidth restriction. I've toggled the per user bandwidth on and off and even tried to set a number and still get the same speed. It's no longer working for me and not sure what or how its broke.
Thinking of backing up the portal configuration and restoring the captive portal configuration to a new zone since I am not sure what else to try.
-
I just checked the xml and counted how many MAC addresses I have and its 1367. Not sure if that is an issue but the other thing I notice is that when I make edit the captive portal and I go to save it takes forever to save etc. Contemplating just getting rid of Captive Portal altogether since all it does is displays terms and conditions.
-
@bishoptf said in Captive Portal Bandwidth issue:
I just checked the xml and counted how many MAC addresses I have and its 1367
??? And now you tell this ?
Check Diagnostics > Limiter Info page : you have 2x1367 pipes and 2x1367 schedulers ?
No need to check the xml config file manually, you can see them on the portal's "MACs" page.Yeah, that can/could explain the/a difference.
See one thread lower, see/click here, where I added 500 randomly generated MAC into the portal's "MACs" page.
That didn't make any difference - in speed - for me.Still, strange, a captive portal is by nature non-trusted network, and people have to do some work to join the portal = they have to login. And when they are thrown off, because of a time out for example, they have to login again. That's the price they have to pay for a free internet access.
Adding all those macs of these devices means you have a lot of devices that have access "all the time" on your portal so they are not really strangers or unknown people. Administrating them like this, on a portal, is a pain. -
@Gertjan said in Captive Portal Bandwidth issue:
@bishoptf said in Captive Portal Bandwidth issue:
I just checked the xml and counted how many MAC addresses I have and its 1367
??? And now you tell this ?
Check Diagnostics > Limiter Info page : you have 2x1367 pipes and 2x1367 schedulers ?
No need to check the xml config file manually, you can see them on the portal's "MACs" page.Yeah, that can/could explain the/a difference.
See one thread lower, here, where I added 500 randomly generated MAC into the portal's "MACs" page.
That did't make any difference for me.Still, strange. A captive portal is by non trusted network, and people have to do some work to join the portal = login.
Adding all those macs of these devices means you have a lot of devices that have access "all the time" on your portal so they are not really strangers or unknown people. Administrating them like this, on a portal, is a pain.Yeah its not really managing them, its a church and the click through is once for terms and conditions and then we record the mac address and from then on they are automatically authenticated. I was trying to avoid having them have to have a click through for each time they are connecting to hotspot. Trying to figure out how to do the terms and conditions another way, where its easy etc. I do not see a high CPU load but obviously its not working.
