We’ve been using the router (PepLink Balance 710) and wireless access points (PepWave APs) to implement download/upload bandwidth limits, block sites and block specific services (e.g. no BitTorrent). However, in our our scenario, a simpler approach would be to allocate user/group download/update daily quota, and allow users to ‘self-regulate’ their usage of our internet links. So, for example, users could be automatically blocked after downloading X MB in a day.
I know this is not yet possible, and would like to suggest this as a feature request.
Related to this, it would be great if there are any additional ‘hidden’ capabilities of the Balance to help manage end-user usage.
Thanks for your feedback, Ray. Allowing a user to self-regulate bandwidth usage is a good approach - this avoids the classic tragedy of the commons. There are a numbers of items that need to be sorted out however - how we notify a user of the available bandwidth usage and how we warm a user when bandwidth allowance is running low etc.
Have you tried captive portal on AP One? There is a usage quota to help us restrict bandwidth usage by wireless clients.
Re: “Have you tried captive portal on AP One? There is a usage quota to help us restrict bandwidth usage by wireless clients.”
We started using the captive portal a couple of years ago, but abandoned the effort after observing many users unable to gain network access (often did not realize they needed to open their browser). I thought the captive portal usage limits were (are) time based though. Does the captive portal now also support daily transfer quotas?
This is very nice feature specially when creating traffic quota based on the MAC address rather than the IP address or both of them is appreciated.
managing clients Internet usage in home / small office environments is a headache and if this feature would be available in Peplink Balance 20/30 and
Surf SOHO models , I feel being in the heaven …
TK Liew - Thanks, this is a step in the right direction.
I went to the balance demo site and looked at the captive portal settings page.
Questions for you:
I need WPA2 user authentication. Our WLAN does not have a radius server. Do you know of a workaround for this?
My WLAN clients are divided into two groups; 1. Privileged (no quota rules) 2. Restricted (daily quota rules). So it seems that I would need two profiles for the captive portal. Would captive portal or any other peplink feature (incontrol2) allow me to implement this?
Does the AP controller reporting provide specific client statistics and data usage so I can identify which client’s are consuming the most data in a real time, daily, weekly & monthly basis ?
Can I suggest to use WPA/WPA2-Personal? Please go AP > Wireless SSID > Select your SSID > Security Settings > Choose WPA/WPA2 - Personal.
Captive Portal does not support multiple profiles. Can I suggest put these users into 2 Vlans (Privileged users in default Vlan and Restricted users in new Vlan), then only enable Captive Portal in Vlan2?
**Create new Vlan and enable Captive Portal **- Please go Network > LAN > IP Settings > Click “?” > Click “here” > Proceed > New LAN > Enter necessary parameters and ensure Captive Portal is check.
Can you see the top users for real-time traffics. Please go Status > Active Sessions > Top Clients.
Sorry - I did not specify in my original question. I need to implement WPA2 user authentication for the Captive Portal wifi clients. (Captive portal settings / access mode / offers “open access” or 'user authentication - ldap/radius ’ .
Furthermore, once clients connect to this captive portal, I only need the access rule quota rules for the “restricted” group to apply to a specific WAN2 interface (not all the WAN1 interfaces).
WAN #1 = unlimited bandwidth for privileged & restricted
WAN #2 = unlimited bandwidth for privileged & quota based (100MB/per day) for the restricted group
Is this possible?
What are the VLAN ID’s for the Manager, staff & guest groups? (Network /QOS/ user groups)
WPA is a security protocols and certification programs for Wifi. So it shouldn’t on Captive Portal. Normally Wifi authentication happened before Captive Portal. Let me explain the steps for your better understanding.
User boot up laptop and associates with SSID with WPA2. This SSID is belong to Vlan2 (for example).
User will get IP for Vlan 2 (e.g. 192.168.2.x) after authenticated.
This is depending which segment you added into Qos group. For example, 192.168.1.0 (Untagged Vlan) assigns to Manager then 192.168.2.0 (Vlan2) assigns to Staff.
Prior to your comment I had assumed the captive portal limit was a global limit rather than per device/user
gonna give this a try and recommend this to a couple of customers
This quota restriction includes all Internet and local traffic right? What if a device needs to access a local content video server with no quota because it is in the same LAN but at the same time be restricted with a quota for internet traffic?
We tried the “allowed networks” section but the traffic of the IPs/domains registered in the box still count for the quota. The difference is that you can access them after you reach the limit quota (time or data).
The idea is to let the users access the local video server without restrictions and limit by data quota the access to internet. It is for WiFi in buses so the data SIM consumption is important for the project.
Any suggestion to let the users access a local video server without restrictions and limit by data quota (with captive portal) the access to internet? The project is for public WiFi in buses using the MAX Transit.