
Single WLAN with dynamic VLAN rate limiting

stephen_radelic
New Contributor
We have an SSID set up with 802.1X authentication. The Virtual Smart Zone places you in the correct VLAN (dynamic VLAN) depending on your group membership. We want to rate limit one of the VLANs. What is the best solution and is this possible?

marcus_burton
New Contributor III
The best way to accomplish this is to use SmartZone role-based policy. When you get group membership (group attribute) from RADIUS, you can use that attribute to assign the user/device to a role, which has a User Traffic Profile (UTP) assigned to it. That UTP can contain L3-7 policies as well as rate limiting. Configuration steps are as follows:
  1. create a UTP with the rate limit policy (you can also do this from the role context, so it's an easier UI flow)
  2. create a role and tie that UTP to it
  3. configure your attribute-to-role mapping within the AAA server profile 

hyosang_choi
Valued Contributor
Marcus is perfectly correct.

And you must prepare the Ruckus VSA on the Ruckus server.



It must also send the VSA with the auth-accept packet on the RADIUS server.

Then STRING into Ruckus-vsa and Role including UTF and VLAN is bound on vSZ.

Thanks.

supporto_ruckus
New Contributor II
Hi guys. I have a similar issue. One SSID, dynamic VLAN with 10 VLANs. In each VLAN I will have max 5 users. I want to apply a rate limit per VLAN: 10 Mbps for vlan1, 20 Mbps for vlan2, 30 Mbps for vlan3 and so on. The rate limit I want is for the entire VLAN, not for a single user. I followed Marcus's suggestion and I think in point 3 he indicates to create many User Traffic Profile mappings. The group attribute has the same name as the group created on the RADIUS server.


After that, do I need to add some configurations on the RADIUS server or Ruckus SZ? I cannot understand the indications of Jeronimo.

Thank you!