Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Limit bandwith & volume to some mobile users/devices

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 3 Posters 734 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P Offline
      Peter-Z
      last edited by

      Hi guys,

      Is there a way to limit the bandwith/volume for certain people/devices that use my wifi?
      My own internetconnection is already quite limited and I would like know if I can give controlled access to a neighbor who came from abroad and doesn't have an internet connection.

      The LAN connection from my pfsense box goes to a SIP/switch/AP device which I also use for my own wifi at home.
      On my AP I can activate a second guest SSID but that's it, so no possibilities here.
      Can pfsense somehow do this without any additional hardware?

      Thanks in advance!
      P.

      ps: since I didn't know how, I posted in general but if there is better section, can a mod please move my post?

      pfSense 2.2.3 on Atom D510

      1 Reply Last reply Reply Quote 0
      • P Offline
        phil.davis
        last edited by

        The second guest SSID, or an external WiFi AP pointing at his house, would need to be on a separate interface to make it properly secure. If you have another physical interface on your pfSense, then easy. Otherwise you need a VLAN switch (small ones are cheap these days) and you can put the device that goes towards his house onto a separate VLAN.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        1 Reply Last reply Reply Quote 0
        • T Offline
          tgharold
          last edited by

          You need to segregate those clients on a separate LAN (or VLAN).  That means:

          • A second WiFi Access Point, or a WAP that understands VLANs and lets you assign the different SSIDs to different VLANs

          • A switch that understands VLANs, or a separate interface on the pfSense firewall box

          I'm doing a mix of the two methods, I have VLANs on my network switches, and one of those VLANs is for "guests".  The guest VLAN connects to a cheap consumer WAP which doesn't understand VLANs, but the network switch handles that issue.

          Now that the guest WAP is on a separate VLAN, I can assign limiters in the pfSense firewall rules to any traffic coming from the guest VLAN and going to/from the internet.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.