Per IP / Per VLAN - Bandwidth Throttling



  • Hi everyone,
    I was hoping someone could point me to the correct forum post or if it does not exist help me with a bandwidth throttling question.

    I am trying to throttle bandwidth in my system as there is a need for separate VLANs that have been created to get designated bandwidth and their users per VLAN.

    So I do know how to throttle either a VLAN or users per IP using the "Traffic Shaper: Limiter" feature and then applying that to a firewall rule per VLAN.
    I just cant seem to figure out how to do both at the same time per VLAN.

    So for a small example

    If there are 3 VLANs each VLAN would need the following. This is just an example of the bigger picture of our system

    Total bandwidth 100Mbps / 100Mbps

    VLAN 10 - Throttle VLAN 50Mbps / 50Mbps - Throttle Per IP 5Mbps / 5Mbps
    VLAN 11 - Throttle VLAN 25Mbps / 25Mbps - Throttle Per IP 2Mbps / 2Mbps
    VLAN 12 - Throttle VLAN 25Mbps / 25Mbps - Throttle Per IP 3Mbps / 2Mbps

    any guidance with this would be greatly appreciated.



  • are you planning on using transparent squid with this deployment, it is my understanding that limiters do not work together with transparent squid…



  • No not using Transparent Squid.



  • see https://forum.pfsense.org/index.php?topic=63531.msg364520#msg364520 for a guide, bear in mind that it will evenly distribute bandwidth among uses covered by the firewall rule. you will need to experiment further to get the minimum bandwidth per host working though.

    in the event that you do please post how u did it on the same thread so others can do the same.



  • I did see this,
    Have not tried it yet.

    I do need to find a solution where I can give users on a VLAN that has a bandwidth limit a further limit per IP though.



  • its a decent starting point, and a part of my current setup which is similar except for the minimum bandwidth. i do find that in order to properly test speed limiting i use a separate browser (not tab or window) and i start it up only for testing.


  • LAYER 8 Netgate

    Seems it should be possible to regulate overall line usage using the traffic shaper and per-host limits using the limiter.



  • If you want to limit wan traffic to a specific site, you can also have a look at my Definitive Guide to Limit Facebook traffic:
    https://aubreykloppers.wordpress.com/2015/07/22/pfsense-and-shaping-facebook-the-definitive-guide/
    It really works and it works well!

    cyber7-out


Log in to reply