Radius Throttelling on Captive Portal

  • Hi everyone !

    (sorry for poor English)

    Im looking for help regarding bandwidth throttle on clients connected to the captive portal and authenticated by a freeradius server.

    What we tried:

    1/ Enable "per User Bandw.. restriction"

    • Specify rates

    It works
    But : We want dynamic throtlling
    And : It seems to cause an issue, if the radius account has already a limiting rate in itself.

    No data exchange for the client in this case.

    2/  Enable "per user Bandw …"

    • No rates specified

    It doesnt work
    On accounts with radius specified limit rate, and on radius accounts with unlimited rate..


    So I have no solution, to limit bandwidth with radius

    Only everyone limiting through captive portal conf

    thats bad. :)
    How can we throttle non paying clients to 128K ?  :))


    I assume, we missed something,
    so thank you in advance for helping me

    Best regards

    Ps: Here running PF 2

  • Hi,

    did this help you?
    Are you using the freeradius2 package or another RADIUS server ?

  • HI nachtfalke !

    thanks for replying me..

    I will look your link, some infos are interesting inside, to adjust our conf.

    but I forget to mention :

    Our freeradius (v2) is outside the pfsense box

    (outside … our WANS)

    When an access accept is sent, i can see the into the freeradius log the bw limit  (over radiusd -X command)

    if I understand,

    We have to put "Enable per user bw limit"  and then leave the values empty or to zéro ?

    this doesnt work

    Login completes, but then no traffic is allowed through the pf CP


  • Is your RADIUS sending the correct attributes:


    These attributes are Reply-attributes and must to be sent from RADIUS to CP.

    As far as I know it works this way:
    If you put any value on CP page then CP will use this value UNTIL there is another value sent from RADIUS.

  • HI thank you again for replying me :)

    so did I unterstood it too.

    would you know where I can check this into freeradius?

    Best regards

  • @Bonline:

    HI thank you again for replying me :)

    so did I unterstood it too.

    would you know where I can check this into freeradius?

    Best regards

    That depends on where you store the users. If you store them in the "users" file in ../raddb/ folder then it would look like this:

    "Testuser" Cleartext-Password := "testpassword"
    	WISPr-Bandwidth-Max-Up := 524288,
    	WISPr-Bandwidth-Max-Down := 2097152

    If you store it in a MySQL database - I do not use any database - this would be probably stored in any "radreply" table.

    If you are running freeradius in debug mode "radiusd -X" then you can check this if a user connects then the radius server must answer with the two attributes from above. If the server does not send these attributes you must configure your freeradius server.

Log in to reply