Data download/upload quotas

We’ve been using the router (PepLink Balance 710) and wireless access points (PepWave APs) to implement download/upload bandwidth limits, block sites and block specific services (e.g. no BitTorrent). However, in our our scenario, a simpler approach would be to allocate user/group download/update daily quota, and allow users to ‘self-regulate’ their usage of our internet links. So, for example, users could be automatically blocked after downloading X MB in a day.

I know this is not yet possible, and would like to suggest this as a feature request.

Related to this, it would be great if there are any additional ‘hidden’ capabilities of the Balance to help manage end-user usage.

Thanks, Ray Brunsting

1 Like

Thanks for your feedback, Ray. Allowing a user to self-regulate bandwidth usage is a good approach - this avoids the classic tragedy of the commons. There are a numbers of items that need to be sorted out however - how we notify a user of the available bandwidth usage and how we warm a user when bandwidth allowance is running low etc.

Have you tried captive portal on AP One? There is a usage quota to help us restrict bandwidth usage by wireless clients.

1 Like

Hi Kurt. Thanks for your reply.

Re: “Have you tried captive portal on AP One? There is a usage quota to help us restrict bandwidth usage by wireless clients.”
We started using the captive portal a couple of years ago, but abandoned the effort after observing many users unable to gain network access (often did not realize they needed to open their browser). I thought the captive portal usage limits were (are) time based though. Does the captive portal now also support daily transfer quotas?


You are right, Ray. It is a time-based quota and probably wouldn’t help much in your case. Will need a bandwidth usage-based quota.

1 Like

Guys ,

This is very nice feature specially when creating traffic quota based on the MAC address rather than the IP address or both of them is appreciated.
managing clients Internet usage in home / small office environments is a headache and if this feature would be available in Peplink Balance 20/30 and
Surf SOHO models , I feel being in the heaven …


On and off we come across needs for user-defined user group is How many user group do we need?

And yes prioritising WAN for certain user group will complete user group QoS as well.

I am moving this to Feature Request forum for further comments. Anyone else with similar needs, feel free to chime in.

We definitely need this for our customers that have expensive metered satellite WAN connections.

We really need the ability to identify a wifi client/group by his mac address and then assign a daily/weekly /monthly data consumption quota.

  • Once the quota is reached, we need the ability to block further WAN traffic for that wifi client/group.
  • Finally, we need email notification for this quota event.

This feature is offered in the Kerio Control appliance.

Thanks in advance!!

Have you try Captive Portal? Captive Portal allows you to set Access Quota and Quota Reset Time. The quota limit is apply to individual.

1 Like

TK Liew - Thanks, this is a step in the right direction.

I went to the balance demo site and looked at the captive portal settings page.

Questions for you:

  1. I need WPA2 user authentication. Our WLAN does not have a radius server. Do you know of a workaround for this?

  2. My WLAN clients are divided into two groups; 1. Privileged (no quota rules) 2. Restricted (daily quota rules). So it seems that I would need two profiles for the captive portal. Would captive portal or any other peplink feature (incontrol2) allow me to implement this?

  3. Does the AP controller reporting provide specific client statistics and data usage so I can identify which client’s are consuming the most data in a real time, daily, weekly & monthly basis ?


  1. Can I suggest to use WPA/WPA2-Personal? Please go AP > Wireless SSID > Select your SSID > Security Settings > Choose WPA/WPA2 - Personal.

  2. Captive Portal does not support multiple profiles. Can I suggest put these users into 2 Vlans (Privileged users in default Vlan and Restricted users in new Vlan), then only enable Captive Portal in Vlan2?
    **Create new Vlan and enable Captive Portal **- Please go Network > LAN > IP Settings > Click “?” > Click “here” > Proceed > New LAN > Enter necessary parameters and ensure Captive Portal is check.

  3. Can you see the top users for real-time traffics. Please go Status > Active Sessions > Top Clients.

1 Like

TK - Thanks! Very helpful.

  1. Sorry - I did not specify in my original question. I need to implement WPA2 user authentication for the Captive Portal wifi clients. (Captive portal settings / access mode / offers “open access” or 'user authentication - ldap/radius ’ .

  2. Furthermore, once clients connect to this captive portal, I only need the access rule quota rules for the “restricted” group to apply to a specific WAN2 interface (not all the WAN1 interfaces).

WAN #1 = unlimited bandwidth for privileged & restricted
WAN #2 = unlimited bandwidth for privileged & quota based (100MB/per day) for the restricted group

Is this possible?

  1. What are the VLAN ID’s for the Manager, staff & guest groups? (Network /QOS/ user groups)


  1. WPA is a security protocols and certification programs for Wifi. So it shouldn’t on Captive Portal. Normally Wifi authentication happened before Captive Portal. Let me explain the steps for your better understanding.
  • User boot up laptop and associates with SSID with WPA2. This SSID is belong to Vlan2 (for example).
  • User will get IP for Vlan 2 (e.g. 192.168.2.x) after authenticated.
  • User opens browser and browses
  • Captive Portal will redirect user to build in/external Splash page.
  • Once user clicks “Agree” button then access quota will start counting the usage.
  1. This can be done on Outbound Policy. Please go Network > Outbound Policy. You can create rule for restricted group as below:-

  1. This is depending which segment you added into Qos group. For example, (Untagged Vlan) assigns to Manager then (Vlan2) assigns to Staff.
1 Like

Prior to your comment I had assumed the captive portal limit was a global limit rather than per device/user
gonna give this a try and recommend this to a couple of customers


Hi Michael,

This is per device quota limit.

1 Like

You are welcome. :slight_smile:

1 Like

Hi TK.

This quota restriction includes all Internet and local traffic right? What if a device needs to access a local content video server with no quota because it is in the same LAN but at the same time be restricted with a quota for internet traffic?


Hello @hcardenas,
If you are using InControl2, then you can enter the “Allowed Networks”

In the web admin for the device you can do the same with “Allowed Networks”

Have you tested either of these ?
Happy to Help,
Marcus :slight_smile:

Hi @mldowling!

Thanks for your reply :slight_smile:

We tried the “allowed networks” section but the traffic of the IPs/domains registered in the box still count for the quota. The difference is that you can access them after you reach the limit quota (time or data).

The idea is to let the users access the local video server without restrictions and limit by data quota the access to internet. It is for WiFi in buses so the data SIM consumption is important for the project.

Best regards!

Hi Team.

Any suggestion to let the users access a local video server without restrictions and limit by data quota (with captive portal) the access to internet? The project is for public WiFi in buses using the MAX Transit.

Best regards.