Data download/upload quotas


#1

We’ve been using the router (PepLink Balance 710) and wireless access points (PepWave APs) to implement download/upload bandwidth limits, block sites and block specific services (e.g. no BitTorrent). However, in our our scenario, a simpler approach would be to allocate user/group download/update daily quota, and allow users to ‘self-regulate’ their usage of our internet links. So, for example, users could be automatically blocked after downloading X MB in a day.

I know this is not yet possible, and would like to suggest this as a feature request.

Related to this, it would be great if there are any additional ‘hidden’ capabilities of the Balance to help manage end-user usage.

Thanks, Ray Brunsting


#2

Thanks for your feedback, Ray. Allowing a user to self-regulate bandwidth usage is a good approach - this avoids the classic tragedy of the commons. There are a numbers of items that need to be sorted out however - how we notify a user of the available bandwidth usage and how we warm a user when bandwidth allowance is running low etc.

Have you tried captive portal on AP One? There is a usage quota to help us restrict bandwidth usage by wireless clients.


#3

Hi Kurt. Thanks for your reply.

Re: "Have you tried captive portal on AP One? There is a usage quota to help us restrict bandwidth usage by wireless clients."
We started using the captive portal a couple of years ago, but abandoned the effort after observing many users unable to gain network access (often did not realize they needed to open their browser). I thought the captive portal usage limits were (are) time based though. Does the captive portal now also support daily transfer quotas?

Ray


#4

You are right, Ray. It is a time-based quota and probably wouldn’t help much in your case. Will need a bandwidth usage-based quota.


#5

Guys ,

This is very nice feature specially when creating traffic quota based on the MAC address rather than the IP address or both of them is appreciated.
managing clients Internet usage in home / small office environments is a headache and if this feature would be available in Peplink Balance 20/30 and
Surf SOHO models , I feel being in the heaven …

Hootan


#6

On and off we come across needs for user-defined user group is How many user group do we need?

And yes prioritising WAN for certain user group will complete user group QoS as well.

I am moving this to Feature Request forum for further comments. Anyone else with similar needs, feel free to chime in.


#7

We definitely need this for our customers that have expensive metered satellite WAN connections.

We really need the ability to identify a wifi client/group by his mac address and then assign a daily/weekly /monthly data consumption quota.

  • Once the quota is reached, we need the ability to block further WAN traffic for that wifi client/group.
  • Finally, we need email notification for this quota event.

This feature is offered in the Kerio Control appliance.

Thanks in advance!!



#8

Have you try Captive Portal? Captive Portal allows you to set Access Quota and Quota Reset Time. The quota limit is apply to individual.



#9

TK Liew - Thanks, this is a step in the right direction.

I went to the balance demo site and looked at the captive portal settings page.

Questions for you:

  1. I need WPA2 user authentication. Our WLAN does not have a radius server. Do you know of a workaround for this?

  2. My WLAN clients are divided into two groups; 1. Privileged (no quota rules) 2. Restricted (daily quota rules). So it seems that I would need two profiles for the captive portal. Would captive portal or any other peplink feature (incontrol2) allow me to implement this?

  3. Does the AP controller reporting provide specific client statistics and data usage so I can identify which client’s are consuming the most data in a real time, daily, weekly & monthly basis ?

Thanks!!


#10
  1. Can I suggest to use WPA/WPA2-Personal? Please go AP > Wireless SSID > Select your SSID > Security Settings > Choose WPA/WPA2 - Personal.

  2. Captive Portal does not support multiple profiles. Can I suggest put these users into 2 Vlans (Privileged users in default Vlan and Restricted users in new Vlan), then only enable Captive Portal in Vlan2?
    **Create new Vlan and enable Captive Portal **- Please go Network > LAN > IP Settings > Click “?” > Click “here” > Proceed > New LAN > Enter necessary parameters and ensure Captive Portal is check.

  3. Can you see the top users for real-time traffics. Please go Status > Active Sessions > Top Clients.


#11

TK - Thanks! Very helpful.

  1. Sorry - I did not specify in my original question. I need to implement WPA2 user authentication for the Captive Portal wifi clients. (Captive portal settings / access mode / offers “open access” or 'user authentication - ldap/radius ’ .

  2. Furthermore, once clients connect to this captive portal, I only need the access rule quota rules for the “restricted” group to apply to a specific WAN2 interface (not all the WAN1 interfaces).

WAN #1 = unlimited bandwidth for privileged & restricted
WAN #2 = unlimited bandwidth for privileged & quota based (100MB/per day) for the restricted group

Is this possible?

  1. What are the VLAN ID’s for the Manager, staff & guest groups? (Network /QOS/ user groups)

#12

Hi,

  1. WPA is a security protocols and certification programs for Wifi. So it shouldn’t on Captive Portal. Normally Wifi authentication happened before Captive Portal. Let me explain the steps for your better understanding.
  • User boot up laptop and associates with SSID with WPA2. This SSID is belong to Vlan2 (for example).
  • User will get IP for Vlan 2 (e.g. 192.168.2.x) after authenticated.
  • User opens browser and browses www.google.com.
  • Captive Portal will redirect user to build in/external Splash page.
  • Once user clicks “Agree” button then access quota will start counting the usage.
  1. This can be done on Outbound Policy. Please go Network > Outbound Policy. You can create rule for restricted group as below:-


  1. This is depending which segment you added into Qos group. For example, 192.168.1.0 (Untagged Vlan) assigns to Manager then 192.168.2.0 (Vlan2) assigns to Staff.

#13

Prior to your comment I had assumed the captive portal limit was a global limit rather than per device/user
gonna give this a try and recommend this to a couple of customers


#14

THANKS - EXCELLENT SUPPORT!


#15

Hi Michael,

This is per device quota limit.


#16

You are welcome. :slight_smile: