Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Users 10 Mb of bandwidth until they have downloaded 5 Gb of data.

This thread has been viewed 1 times

  • 1.  Users 10 Mb of bandwidth until they have downloaded 5 Gb of data.

    Posted Feb 24, 2016 04:08 PM

    I want to give users 10 Mb of bandwidth until they have downloaded 5 Gb of data.  After that their bandwidth is throttled down to say 2 Mb until they hit 10 Gb of data then throttled back again to maybe 512 Kb.  I want to limit the few users that are download loads of unnecessary data.  I've read some articles about schools using ClearPass but no one ever tells how they accomplish this setup. 



  • 2.  RE: Users 10 Mb of bandwidth until they have downloaded 5 Gb of data.

    EMPLOYEE
    Posted Feb 24, 2016 09:07 PM

    Hmm... Sorry for the delay in a responce. I am not to sure about this one. @madjali @cappalli Do you guys know this one? 



  • 3.  RE: Users 10 Mb of bandwidth until they have downloaded 5 Gb of data.
    Best Answer

    Posted Feb 25, 2016 12:53 AM

    This is possible, however the method I show below will only change the user role (and thus their bandwidth restrictions) at time of login.   It is based on 5GB limit in last month.

     

    This setup assumes you have defined the following on the Aruba controller:

    • user role for each level of bandwidth, the example below only  has two rules setup as that is what is in my lab.
    • Enable RADIUS interim accounting (AAA Profile --> RADIUS Interim Accounting = Enabled)
    • Assumes an 802.1X authenticated network

     

    1. Enable Insight on CPPM

    enable-insight.png

     

     

    2. Enable Log Accounting Interim-Update Packets to True on CPPM (Administration --> Server Configuration --> Your Server --> Service Parameters --> Radius Server

    log-updates.png

     

     

    3. Create new Authentication Source to monitor usage

    • Name - XXXXXX
    • Type - Generic SQL DB
    • Primary tab
      • Server Name - localhost
      • DB Name - insightdb
      • Login Username - appexternal
      • Login Password - enter the password (can be set under Administration --> Server Configuration --> Cluster-Wide Parameters --> Database
    • Attributes tab
      • Filter Name - MONTHLY USAGE
      • Filter Query (click Add more filters)
        • SELECT COALESCE(sum(input_bytes+output_bytes),0) as usage_byte,
          COALESCE(CEIL(sum(input_bytes+output_bytes)/1024),0) as usage_KB,
          COALESCE(CEIL(sum(input_bytes+output_bytes)/1024/1024),0) as usage_MB,
          COALESCE(CEIL(sum(input_bytes+output_bytes)/1024/1024/1024),0) as usage_GB
          FROM radius_acct WHERE username='%{Authentication:Username}' AND start_time BETWEEN date_trunc('month',NOW()) AND NOW();
        • Enter Attributes as below

    mth-usage.png

     

     

    4. Setup CPPM Roles and Role Mapping

    • Create CPPM Roles for each BW restriction (this example has 2)
    roles.png
    • Create Role Mapping for assigning TIPS Roles (this example is based on 5GB)
    role mapping.png

     

     

    5. Setup CPPM Enforcement Profile and Policy

    • Setup Enforcement Profiles to set Aruba-User-Role (which would have bw restrictions set)
    prof1.png
     
     
    prof2.png
     
    • Setup Enforcement Policy to apply above profiles
    policy1.png

     

     

    6. Create a service (or modify existing)

    • Ensure Authorization is enabled
    • Add above Authentication source to authorization tab

    auth tab.png

     
    • Assign Role Mapping Policy from above
    role mapping in service.png
    • Assign Enforcement Policy from above
    policy in service.png
     
     

     

    7.   Review Access Tracker on authentications to see Authorization MONTHLY USAGE is working.   Appropriate roles should be assigned and restrictions applied per your requirements and settings.

     

    access tracker.png

     

     

    ***