Traffic shaping and vlans

    I have a 8860U(6 ports) and I am trying to apply some bandwidth limits.

    1 wan 1gb
    1 wan cable modem

    1 lan - company (full speed)
    1 vlan3 for ethernet1 (limited)
    1 vlan4 for access point (limited) (I have 2 physical APs)
    1 vlan5 for guest wireless (limited)

    I want to be to be able to use the cable modem as a failover for the main wan

    I want to be able to limit the bandwidth per user on each of the vlans.

    There is no need for each vlan to talk to each other but just need to communication with the Internet

    I think this is what needs to happen:

    • I use captive portal for vlans and use the feature to limit bandwidth there
    • each AP will connect on a separate port on the PF device
    • create groups and assign users to each group so that these groups can be used in the captive portal

    Also, I will be using layer 3 switches for vlan3 and lan.  I am not sure if I will be using the switch as managed or just a dumb switch.


    • is the above possible?
    • is using captive portal correct in this case?
    • can captive portal be used on wired connections too or only for wireless?
    • is it possible to have the users in the LAN group not have to go through the portal to access the Internet?
    • i might need another port on the PF Device.  If I do, can I put both AP on a switch and connect that to 1 physical port on the PF device and still be able to limit bandwidth separately while using 1 physical port?



