how to limit internet traffic usage on students account

  • 1
  • Question
  • Updated 3 years ago
Do you know if there is a simple way to limit the internet traffic use of a student? 
I wonder there is a setting In HVM, when I see one student is using too much internet traffice everyday??

Cheers.
Photo of Jamie Cho

Jamie Cho

  • 27 Posts
  • 0 Reply Likes

Posted 3 years ago

  • 1
Photo of Kushar Perera

Kushar Perera

  • 13 Posts
  • 2 Reply Likes
Do you want to rate limit or capacity limit?
Photo of Jamie Cho

Jamie Cho

  • 27 Posts
  • 0 Reply Likes
Sorry I am not sure what they mean but a simple explanation from you will help me to understand better. I think I would like to use the both anyway because I would like to have a more control about students internet usage. Cheers.
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
My thoughts are that you should be cautious to not create a problem in the quest to solve a problem that may not even exist.

Unused capacity on your network or Internet connection is squandered capacity.

What is 'too much' Internet? Specifically, what problem is this actually, tangibly causing you?

I would be far more concerned about ensuring that you have appropriate QoS on your network if you're experiencing issues with contention rather than limiting total amounts.

The salient question here is therefore: Is your WAN bandwidth capped?
Photo of Jamie Cho

Jamie Cho

  • 27 Posts
  • 0 Reply Likes

I know I don't use technical terms this happens to be my job here recently.

We have a ISP router connected to our firewall at 1Gbps.

Too much internet is like an user is downloading about 10GB everyday and there are more than a couple of users doing this. I want a firewall policy to limit the traffic use of each user per day.

I think we use the default QoS as we've never changed anything.

I don't see a trouble in the network at the moment but we think we need a policy if there is one we can use in aerohive manager.

Thanks.





Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Why 10 GB or a static limit? If this is not causing a tangible issue, you are trying to solve a problem that simply does not exist... :P

QoS techniques ensure that available resources are shared equitably in contention scenarios. With an uncapped 1 Gb/s connection, it is rather unlikely that you are using this to capacity.

I honestly think you are going about this and thinking about it in the wrong way. :)

Why curtail somebody's use case if it's not affecting anybody else?
(Edited)
Photo of Luke Harris

Luke Harris

  • 265 Posts
  • 18 Reply Likes
I would tend to agree with Nick on this one. What you're effectively doing is implementing a feature that isn't really required for the sole reason that you may have an issue at some point in the future. My advice would be to use QoS to prioritise network services in order with your requirements (if you need to). As for bandwith limiting/traffic usage, wait until it actually becomes a problem that has an effect on network operation, then act :)  
(Edited)
Photo of Jamie Cho

Jamie Cho

  • 27 Posts
  • 0 Reply Likes
Alright. Thanks, guys.
Photo of John Fabry

John Fabry

  • 28 Posts
  • 8 Reply Likes
Jamie, when we see this we check home directories for files that should not be there, music movies.... then turn it over to administrators for disciplinary action. I agree with not fixing what is not broken.
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
The issue may be that the school has a data cap on their ADSL connection, for example.  In this scenario setting a maximum data cap per student, for example, would be useful.

However, I would do it via a firewall close to the ADSL router as you are only worried about traffic from external sources and this would allow students to copy files, watch multimedia presentations, etc from internal servers.
(Edited)
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Agreed, that's why I said:

"The salient question here is therefore: Is your WAN bandwidth capped?"

I read "We have a ISP router connected to our firewall at 1Gbps" as meaning there's a leased line or equivalent without caps.
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
ID Manager has the ability to limit an account to a specific traffic limit OR a specific access period but not both.

I am really keen to see a single Aerohive product with:

  • A more feature rich integrated HiveOS RADIUS
  • The equivalent of Client Management
  • The equivalent of ID Manager
This is one area of weakness for Aerohive.
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Also, if you want to do it via external means, the primitives aren't quite there yet in HiveOS with the RADIUS accounting that takes place with 802.1X as the Acct-Multi-Session-Id is intermittently missing which breaks connection tracking over roaming from one BSS to another and the Acct-Session-Ids aren't constructed in a way that guarantees them to be unique which theoretically could cause issues. All session ids should have the properties of a GUID.

These issues will likely get mopped in a subsequent release.

On the feature request front though, there's also no RADIUS accounting for Open, PSK, PPSK, (and *cough* WEP...) when you configure MAC and/or CWP authentication so you can't track bandwidth via accounting use or control these sessions properly via CoA as you have neither an Acct-Session-Id or Acct-Multi-Session-Id to work with.

(There would be some thought needed in to deciding which auth type to account with where there's multiples configured: 802.1X, CWP and MAC auth. You wouldn't want independent accounting taking place where there's multiples and there'd need to be a hierarchy, presumably one that's configurable.)
(Edited)