Looking for Pepwave RADIUS Attribute-Value Pairs


#1

On a Radius Access-Accept it is possible for the Radius send to send “Attributes” to the Peplink that are specific the authenticated user.

For example, on other Routers, you can send the user’s maximum download and upload bandwidth with the WISPr-Bandwidth-Max-Down and WISPr-Bandwidth-Max-Up RADIUS Attribute-Value Pairs.

For example, Radius server sends:

Code: Access-Accept
Identifier: 175
Authentic: <111><222><333>’<1><111><222><333><111><111>I<222>?F2<111>
Attributes:
Framed-IP-Address = 255.255.255.254
Idle-Timeout = 0
Framed-Netmask = 255.255.255.255
Service-Type = Framed-User
WISPr-Bandwidth-Max-Down = 1573864
WISPr-Bandwidth-Max-Up = 314772

However the WISPr-Bandwidth AV-Pairs are ignored by the Peplink routers.

Are there Pepwave or Peplink specific Radius AV-Pairs that can be used to control user’s bandwidth limits or other functionality?


#2

Can you further elaborate the use case and share the models/firmware details?


#4

Pepwave MAX BR1 Mini running 7.0.1 build 2621

On a Radius server you can configure user profiles that contain generic and vendor specific parameters. So for example, certain users can be limited in their download speed to 1.5Mbps and others can be limited to 3Mbps, while others can have no limit.

When a user puts his username and password, the Radius Authentification process will send from the Radius Server to the router an Access-Reject or Access-Accept. If it is an Access-Accept, it will send the correspondance user’s profile parameters to the router. So, there is a particular Radius parameter called “WISPr-Bandwidth-Max-Down” that can be set on a user’s profile to limit their download speed.

It appears that the Pepwave ignores this parameter, since it lets everyone unlimited download speed irregardless of what this parameter is set to. On Cisco, Meraki, Mikrotik, Aruba this parameter works as it should.

Each hardware vendor has its own configurable RADIUS Attribute-Value Pairs (aka AV-Pairs) known as VSA’s. that are defined once in the Radius dictionary, and then can be added with a specific value to a user’s profile.

Try googling “radius vendor specific attributes” and you will see articles on VSA’s for Cisco, IBM, Juniper, etc.


#5

Are you referring to Captive portal Authentication ? You can enable captive portal service for the BR1 Mini and this will allow you to control Per client bandwidth limit base on the Radius WISPr attribute.

P/S:
Per client bandwidth limit is base on RADIUS attributes WISPr-Bandwidth-Max-Down and WISPr-Bandwidth-Max-Up .

On MAX (BR1 Mini in this case), you need to additionally enable “Individual Bandwidth Limit” under “Advanced -> Bandwidth Control” in-order the Per client bandwidth work as expected.


#6

Thanks for your feedback -

I am using Captive Portal with Radius Authentication.

As per my original post, I have set
WISPr-Bandwidth-Max-Down = 1573864
WISPr-Bandwidth-Max-Up = 314772

and after the authentication, it uses unlimited download/upload speeds, ignoring the WISPr-Bandwidth Radius settings.

I tried checking the box in Bandwidth Control, and set the settings manually, but this makes the speeds the same for all users, and overrides the WISPr-Bandwidth Radius settings.

But, looking at your example, you left the Download and Upload at zero (even though it says 0 = unlimited), so I tried this hoping that “0 = unlimited or based on Radius WISPr-Bandwidth”, and voila, it works!

Thank You