Header Only - DO NOT REMOVE - Extreme Networks

bandwith per user on identifi login on captive portal


we have implemented and external captive portal that relies on an external RADIUS to make the final autihentication.

The login works and the identifi system get some parameters from our RADIUS like Session-timeout and Iddle-timeout

with others sistems we use some parameters WISPr-Bandwidth-Max-Up or WISPr-Bandwidth-Max-Down sometimes the are Vendor Especific attributes wich could be used.

my answer is theres some way we could possibly send from or RADIUS to identifi some parameter to make a bandwith control for that specific logged username?

The are some VSA to make bandwith control from RADIUS?
Maybe we could point to a rol/profile previosuly configured on identifi?

2 replies

Userlevel 3
You would define a Bandwidth profile Globally in the VNS area (you can define multiple) and then you would create a Class of Service (CoS) that applies the Bandwidth profile you desire for either outbound traffic or inbound, or both. That resultant CoS can be applied to a WLAN service as a whole, or it can be applied to a specific Role ... that you could assign to a specific user or groups of users via RADIUS in the form of a Filter-ID passed back to the controller upon successful authentication for the client.

Additionally, you can apply any CoS (and and bandwidth limiting that has been defined in it) to any individual Policy Rule that is defined for any given Role.

The bandwidth limiting will apply to each individual user in any of the above cases ... and not per WLAN or SSID.

Hope this helps.
Userlevel 6
Hi

Further to the comments above, see these documents:

Create the class of service(s) you require:

https://documentation.extremenetworks.com/wireless/v10_41/UG/Wireless/User_Guide/c_classes_of_service_overview.shtml

Assign the COS to a role:

https://documentation.extremenetworks.com/wireless/v10_41/UG/Wireless/User_Guide/c_roles_overview.shtml

Return the role via radius:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-assign-users-to-different-Roles-based-on-RADIUS-credentials-on-NPS-Server

-Gareth
Thank you so much for the info guys.

That parameter Filter-id should be send in the Acces-accept response form the RADIUS right?

should that paramter be set on radius reply? with which operator? i mean something like this:

Filter-id := "guest-role-name"
Maybe
Filter-id == "guest-role-name"

Reply