Limit Client Usage


Is there any way to limit the amount of internet usage a specific client can consume? I have a client that is using 10GB+ per day. I’d like to set a limit to 5GB per day. I know the client’s mac address, and I found a way to limit the amount of bandwidth a client can consume. In my case I want to set a client allowance per day.

I’m using a Max Transit Duo with 4 cellular SIMS.

Thank you,

Just to clarify the question. By “consume” do you mean download only, upload only or the combination?

This is a bit of a kluge:

If you’re willing to inconvenience that user a bit then you may be able to achieve the objective by creating a captive portal on a separate VLAN for users that you want to limit and then set the usage and access policies appropriately (e.g., set each person up as a “guest user” with a 5GB/day quota (resets once every 24 hours)).

There may be better ways…



Preferably the allowance would be based on the total usage including upload and download.

That sounds like it would work. Can you point me in the right direction for implementation of this solution?

In InControl2:

Under Network Settings:

  • Create a Captive Portal (named, e.g., “ConstrainedAccess”). For access control you have a number of options, one being “Guest Account” (others might be applicable as well, e.g. “Token”).
  • After enabling “Guest Account” save the configuration, then return to it and under “Guest Account” click on “Manage”. Then define the user accounts (which may be managed right there or imported from a CSV file) and set the usage quota and the reset interval (in your case every 1 days).
  • Create the VLAN for constrained-usage connections (named, e.g., “Constrained”). Select “ConstrainedAccess” as the associated captive portal.

You can work with a variety of access controls (e.g., MAC addresses) besides the guest login option.

FWIW: From my limited experience with the “Guest Account” constraint it seems that the enforcement of the constraint (e.g., 5GB/day) is a bit sloppy (i.e., the user may run over before being stopped).

My experience with the portal mechanism generally is not extensive (primarily employing the “Token” access control mechanism), so wiser heads may want to improve or propose alternative strategies.



Thank you! I will try this and report back. I really appreciate you taking the time to send these details.