This is possible, however the method I show below will only change the user role (and thus their bandwidth restrictions) at time of login. It is based on 5GB limit in last month.
This setup assumes you have defined the following on the Aruba controller:
- user role for each level of bandwidth, the example below only has two rules setup as that is what is in my lab.
- Enable RADIUS interim accounting (AAA Profile --> RADIUS Interim Accounting = Enabled)
- Assumes an 802.1X authenticated network
1. Enable Insight on CPPM
2. Enable Log Accounting Interim-Update Packets to True on CPPM (Administration --> Server Configuration --> Your Server --> Service Parameters --> Radius Server
3. Create new Authentication Source to monitor usage
- Name - XXXXXX
- Type - Generic SQL DB
- Primary tab
- Server Name - localhost
- DB Name - insightdb
- Login Username - appexternal
- Login Password - enter the password (can be set under Administration --> Server Configuration --> Cluster-Wide Parameters --> Database
- Attributes tab
- Filter Name - MONTHLY USAGE
- Filter Query (click Add more filters)
- SELECT COALESCE(sum(input_bytes+output_bytes),0) as usage_byte,
COALESCE(CEIL(sum(input_bytes+output_bytes)/1024),0) as usage_KB,
COALESCE(CEIL(sum(input_bytes+output_bytes)/1024/1024),0) as usage_MB,
COALESCE(CEIL(sum(input_bytes+output_bytes)/1024/1024/1024),0) as usage_GB
FROM radius_acct WHERE username='%{Authentication:Username}' AND start_time BETWEEN date_trunc('month',NOW()) AND NOW(); - Enter Attributes as below
4. Setup CPPM Roles and Role Mapping
- Create CPPM Roles for each BW restriction (this example has 2)
- Create Role Mapping for assigning TIPS Roles (this example is based on 5GB)
5. Setup CPPM Enforcement Profile and Policy
- Setup Enforcement Profiles to set Aruba-User-Role (which would have bw restrictions set)
- Setup Enforcement Policy to apply above profiles
6. Create a service (or modify existing)
- Ensure Authorization is enabled
- Add above Authentication source to authorization tab
- Assign Role Mapping Policy from above
- Assign Enforcement Policy from above
7. Review Access Tracker on authentications to see Authorization MONTHLY USAGE is working. Appropriate roles should be assigned and restrictions applied per your requirements and settings.
***