Traffic shaping on VLANs

krisken

Dear,

I have a pfsense 2.0 setup (latest update) with a 2 ISP setup (Dommel.com VDSL + Belgacom VDSL) with failover/loadbalancing between them.

The LAN side is as follows:

• 10.0.0.1/24 for all the pc's on a UTP cable (10.0.0.1 = pfsense)
• 10.1.0.1/24 is vlan 2 - private wifi (for myself and girlfriend + family if they come over)
• 10.2.0.1/24 is vlan 3 - public wifi (for everyone)
• 10.3.0.1/24 is vlan 4 - trusted wifi (for friends that come over, other people who use my internet connection in the building, …)

My AP do support VLAN tagging and can handle up to 5 different SSID's.  In this case

• 10.1.0.1 ==> private.wifi.office.it2go.eu (with WPA2)
• 10.2.0.1 ==> public.wifi.office.it2go.eu (no security)
• 10.3.0.1 ==> trusted.wifi.office.it2go.eu (with WPA2)

My internetconnection isn't that slow (Dommel = 30mbit down/4.5mbit up - Belgacom = 25mbit down/3.5mbit up) but i want to shape the vlans (if possible) so that one user can't take all the bandwidth.

• 10.0.0.1 ==> full speed
• 10.1.0.1 ==> full speed
• 10.2.0.1 ==> max 2mbit down, 0.5mbit up
• 10.3.0.1 ==> max 10mbit down, 1mbit up

Is that possible with pfsense, and if so, how do i have to do it (please step by step  ::) ).

clarknova

Are you trying to shape the whole vlan? Then create a parent queue on that interface in the traffic shaper and set the bandwidth accordingly.

Or are you trying to shape individual clients? Then create a limiter (in the shaper) and then a firewall rule on that interface that matches the subnet, with an in/out queue to match your limiter.

krisken

@clarknova:

Are you trying to shape the whole vlan? Then create a parent queue on that interface in the traffic shaper and set the bandwidth accordingly.

Or are you trying to shape individual clients? Then create a limiter (in the shaper) and then a firewall rule on that interface that matches the subnet, with an in/out queue to match your limiter.

Hi Clarcnova!
I want to shape the individual client to the speed limits above.
Is it possible to give me a how-to or explain it in clear text how i can fix it? ;-)
Eg : how to create a limiter/shaper etc?

Thanks for your quick answer!

clarknova

Ok, so I have an internal network called "WISP_BURGESS", and I want every client on that network to have 10/1 mbps. So I create 2 limiters in the traffic shaper, one for 10 mbps, the other for 1 mbps, with dst and src masks, respectively (see first two screenshots).

Next, I go to the firewall rules for the interface WISP_BURGESS and create a pass rule for that network choosing my up limiter as the "In" queue and the down limiter as the "Out" queue. (3rd screenshot). Save this rule and position it in your rules list as the default pass rule for that network.

krisken

Clarcnova : as soon as my new AP arrives, i'll let you know if it works or not!