Per User Bandwidth Management for Wireless Networks

[Hidden Attribute]

Good evening everyone.

Can anyone please enlighten me as to how one can manage bandwidth allocation on a per user bases for wireless clients? Example: user A is limited up to 1Mbps, user B is limited to 2Mbps, and user C is limited to 512Kbps?

Limiting protocols on the network in general via QoS is straight-forward, it's the per user aspect that I need additional information on.



Thanks.

 

[MDE]

What device?

 

[Hidden Attribute]

What device?

No specific device - I was hoping this may be possible via ISA server, or Smoothwall, which would allow central control over each user/ user account, but clearly it doesn't. If it must be done on the device and device only, it would probably be running DD-WRT. Unless you have an alternate recommendation/ solution?

 

[DominionZA]

Can do this using Kerio Control. Not free though.

 

[DrJohnZoidberg]

Can do this using Kerio Control. Not free though.

This if you don't mind paying otherwise Smoothwall.

 

[paul5186]

You should be able to limit bandwidth on a mac address level, or if you are running static leases. Not sure on ISA or smoothwall. But I can do this from my Mikrotik or Ubiquiti Unifi.

 

[Hidden Attribute]

Can do this using Kerio Control. Not free though.

This is perfect! It can integrate with AD, or you can create users and groups on the OS itself, and manage it from there. Does anyone know of a free solution that can perform this?

 

[Hidden Attribute]

You should be able to limit bandwidth on a mac address level, or if you are running static leases. Not sure on ISA or smoothwall. But I can do this from my Mikrotik or Ubiquiti Unifi.

Mikrotik and Ubiquiti have some great solutions, but the issue with MAC and static IP based shaping policies is that it requires little to no skill to work around it. If a user knows for example, that IPs 192.168.0.1 - 192.168.0.100 are 1Mpbs, and IPs 192.168.0.101 - 192.168.0.200 are configured for 2Mbps, the user can easily just configure his/ her own static IP address to obtain the higher speeds. Also, as we know, MAC address spoofing is also extremely easy to perform, although it might take a bit more time to figure it out than simply specifying a static IP.

 

[DrJohnZoidberg]

Also look at pfSense, you can add rate limiting per IP as well as having it on a schedule. If you want to have more control you can also install squid which does integrate with AD.