I would like to implement rate mimiting for Guest access. The idea is to limit each individual guest to appropriate bandwidth (for example 8mbit/s download and 4 mbit/s upload). But in the same time if I have more guests on the network I would like to protect WAN bandwidth and to limit all guests users just to 30 mbit/s download and 20 mbit/s upload.
So first per user rate limitation should be applied and then per SSID rate limitation should be applied.
Is it possible, please?
My second question regarding rate limitiation is if rate limitation is not contraproductive to fact that I want to serve all my wireless users ASAP to keep my channel clean as soon as possible.
So for example if Guest is trying to download 100 MB file with full rate (without limitation) then this guest will occupy my channel shorter time then with rate limitation to 8 mbit/s.
Is my assumption correct and rate limiting could be contraproductive to keeping channel free?
In case of controller, you can configure rate limit for role, user, ap group in both of stream under role.
For iAP, in SSID can be configured per user or SSID.
Maybe I didn't write it so clear as it should be.
I need to setup two kind of rate limiting in the same time.
One is per user rate limiting and also in the same time per role rate limitting.
Would it be possible basically to rate limit users individually and in the same time to setup that all users in particular role/ssid can't overpass certain bandwidth.
Limiting the rate by user or group is mutually exclusive: You can only do one or the other using a role with your current WLAN setup.
Checking to make sure that users do not consume over a certain bandwidth and doing something about it requires an external policy server like ClearPass, which would measure user traffic via radius accounting and then do something.
but with radius accounting you are able to check amount of data (MB) send and received by the user. If I am not mistaken, you are not able to check/limit upload and download speed (mbs).
So I think even CPPM won't help me to limit per user and per SSID speed in the same time.
Let's talk about requirements. What is the requirement and has it been implemented anywhere else?
So basically we are planning to add some Guests to network and we want to protect MPLS uplinks to be congested by Guest traffic (BYOD, IoT, Guest SSIDs).
So basically we have 3 SSIDs which can't consume more then certain % of the MPLS uplink.
Lets imagine that certain % of MPLS uplink is 40 Mbits. So in one hand all those 3 SSIDs can't consume more then 40 Mbits of uplink but in the same time, if I have just one user connected to BYOD SSID and no user on IoT and Guest then I do not want let this one user consume all 40 Mbits, I want to give him just 8 Mbits of download and 1 Mbits of upload.
So if I have 5 users connected they still have 8 Mbits download each and per site it will be still 40 Mbits.
But if I have 10 users connected we can't give them together 80 Mbits of download, so that is a reason to have in the same time rate limiting to keep all those three SSIDs together below 40 Mbits.
Are you using remote APS, a controller or instant APs at that remote site? That would determine what we can do from here..
We have basically two scenarios:
1. Controller on site with CAPs -> larger sites
2. for smaller sites we have centralized controller in DC and each AP on small site is conneted over MPLS to this centralized controller using GRE. So clasicall CAPs but over MPLS to controller in DC
Using Aruba Instant or with controller, can you measure the bandwidth per user?
For example, provide each student with a certain amount of bandwidth, and then be able to request another extra amount if this is needed.
Using the Captive Portal function, you can first put a survey as a portal, and then be connected to the internet?
You will need user accounting to accomplish this. Aruba ClearPass can help you accomplish this.
Thank you Jay.
And what about using the Captive Portal function, can you set first a survey as a Captive Portal and then be connected to the internet?
@Jibran.Azizwrote:You will need user accounting to accomplish this. Aruba ClearPass can help you accomplish this.
Yes you can. Please refer to below post:
Though that was for amigopod (now merged to ClearPass), stil very relavent to what you are after..
Undestood. ClearPass it's needed.Thank you Jay.
@Jibran.Azizwrote:Yes you can. Please refer to below post:http://www.amigopod.com/HOWTO/Survey/ Though that was for amigopod (now merged to ClearPass), stil very relavent to what you are after..
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.