Traffic shaping per user



  • Apologies if this has been covered already, I've been searching but not found quite what i'm looking for.

    In our application we have multiple holiday guest rooms and a family will be allocated a login for their duration which is authenticated by a radius server. All this works quite well.

    A few problems we have been having; if a family has a handful of devices they could and do have multiple connections, we'd like to allocate for example 3mb/s to the login, so if one person within the family hogged the bandwidth then they take it from the rest of the family using the same login and not other guests using different logins.

    Is this possible to setup?  Could someone offer some guidence please.
    Thanks.



  • All the available options are on a per-IP/session basis, or require manual setup. There isn't a reasonable solution to accomplish exactly what you're looking for there.



  • I've setup an experimental pfsense firewall using the same config from our working setup. Enabling the traffic shaping per ser and then putting entries in the radrply tables i'm able to control bandwidth.

    However if I change the bandwidth in the radreply I need to disconne the user for the change to take effect. I turned on re-authenticate every minute and watching the radius logs I see that the firewall does indeed receive the reauthenticate packet and the updated reply with the new download setting is sent but it only takes effect if I disconnect the user and force them to login again.

    I'd like to be able to do it dynamically and without them having to login again.

    Is this a bug that dynamic changes in the radreply do not take effect or is it correct that the bandwidth limits are only setup at time of login and not changeable on the fly with the change in the radreply packet?



  • You cannot change any values on the fly with RADIUS, that requires a new session.



  • Thats a shame.

    I can see that when Reauthenticate connected users every minute is ticked that the radreply contains the new "WISPr-Bandwidth-Max-Down" and "WISPr-Bandwidth-Max-Up" values set.

    IS there not a way to get the new values to take effect without having to disconnect the user and allow them to reconnect ? -


Locked