Wireless Access

New Contributor

Users 10 Mb of bandwidth until they have downloaded 5 Gb of data.

I want to give users 10 Mb of bandwidth until they have downloaded 5 Gb of data.  After that their bandwidth is throttled down to say 2 Mb until they hit 10 Gb of data then throttled back again to maybe 512 Kb.  I want to limit the few users that are download loads of unnecessary data.  I've read some articles about schools using ClearPass but no one ever tells how they accomplish this setup. 


Re: Users 10 Mb of bandwidth until they have downloaded 5 Gb of data.

Hmm... Sorry for the delay in a responce. I am not to sure about this one. @madjali @cappalli Do you guys know this one? 

Sean Rynearson

Re: Users 10 Mb of bandwidth until they have downloaded 5 Gb of data.

This is possible, however the method I show below will only change the user role (and thus their bandwidth restrictions) at time of login.   It is based on 5GB limit in last month.


This setup assumes you have defined the following on the Aruba controller:

  • user role for each level of bandwidth, the example below only  has two rules setup as that is what is in my lab.
  • Enable RADIUS interim accounting (AAA Profile --> RADIUS Interim Accounting = Enabled)
  • Assumes an 802.1X authenticated network


1. Enable Insight on CPPM




2. Enable Log Accounting Interim-Update Packets to True on CPPM (Administration --> Server Configuration --> Your Server --> Service Parameters --> Radius Server




3. Create new Authentication Source to monitor usage

  • Name - XXXXXX
  • Type - Generic SQL DB
  • Primary tab
    • Server Name - localhost
    • DB Name - insightdb
    • Login Username - appexternal
    • Login Password - enter the password (can be set under Administration --> Server Configuration --> Cluster-Wide Parameters --> Database
  • Attributes tab
    • Filter Name - MONTHLY USAGE
    • Filter Query (click Add more filters)
      • SELECT COALESCE(sum(input_bytes+output_bytes),0) as usage_byte,
        COALESCE(CEIL(sum(input_bytes+output_bytes)/1024),0) as usage_KB,
        COALESCE(CEIL(sum(input_bytes+output_bytes)/1024/1024),0) as usage_MB,
        COALESCE(CEIL(sum(input_bytes+output_bytes)/1024/1024/1024),0) as usage_GB
        FROM radius_acct WHERE username='%{Authentication:Username}' AND start_time BETWEEN date_trunc('month',NOW()) AND NOW();
      • Enter Attributes as below




4. Setup CPPM Roles and Role Mapping

  • Create CPPM Roles for each BW restriction (this example has 2)
  • Create Role Mapping for assigning TIPS Roles (this example is based on 5GB)
role mapping.png



5. Setup CPPM Enforcement Profile and Policy

  • Setup Enforcement Profiles to set Aruba-User-Role (which would have bw restrictions set)
  • Setup Enforcement Policy to apply above profiles



6. Create a service (or modify existing)

  • Ensure Authorization is enabled
  • Add above Authentication source to authorization tab

auth tab.png

  • Assign Role Mapping Policy from above
role mapping in service.png
  • Assign Enforcement Policy from above
policy in service.png


7.   Review Access Tracker on authentications to see Authorization MONTHLY USAGE is working.   Appropriate roles should be assigned and restrictions applied per your requirements and settings.


access tracker.png




Systems Engineer, Northeast USA

Search Airheads
Showing results for 
Search instead for 
Did you mean: