Omada OC200 managed network, bandwidth limiting by SSID
Hi to all, i need to deploy an oc200 controller and a pair of eap APs but i have a doubt: Can i have authentication on the wifi with a simple password and automatically limit the bandwidth of each client for example to 2mbps/0,5Mbps using the rate by ssid? Or if i set such a rate on that ssid i set the total bandwidth to that ssid (so that if 10 smartphones are connected, they globally share the 2/0,5 mbps?).
Second question: in that scenario (wifi with simple password) does the OC200 logs all the connected mac addresses with associated local ip and for how much time? (in case i need to give it to the police)
Thanks in advance!
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @TodNeykos,
Yes, and Yes.
When you create an SSID you can optionally limit the DL and UL BW permitted by each client that joins the SSID. SSID authentication (e.g. WPA, WPA2, Radius, etc.) is unrelated. So, yes, you would create a new SSID (or edit an existing) limit the BW for clients connecting to the SSID, and use whatever authentication mechanism (e.g. WPA2-PSK) you'd prefer.
Yes, the Omada Server / OC-200 do log all of the wireless user sessions. But, getting the data out in a report is somewhat limiting, especially on the OC-200. When using the software version (Omada Server on Windows or Linux) you can access both the underlying database and the web services API. There are a variety of threads on this board discussing various approaches.
-Jonathan
- Copy Link
- Report Inappropriate Content
You cannot set/limit the aggregate BW by SSID, only per client. So, aggregate usage will vary by number of clients connected and usage per client.
- Copy Link
- Report Inappropriate Content
TodNeykos wrote
Can i have authentication on the wifi with a simple password and automatically limit the bandwidth of each client for example to 2mbps/0,5Mbps using the rate by ssid?
Simple password authentication can be enabled in the portal. If you rather mean encryption, you can set a WPA2 pre-shared key (this is not authentication, it's encryption).
Rate-limiting a client does neither depend on authentication schemes nor on encryption methods. You can rate-limit clients as soon as they have associated with the WLAN the first time.
Or if i set such a rate on that ssid i set the total bandwidth to that ssid (so that if 10 smartphones are connected, they globally share the 2/0,5 mbps?).
No. Rate limits assigned to a SSID define the default limits for each client which will associate with this SSID. Think as of default rate limits for every user. Thus, you would set default rate limits as the SSID rate limits assigned to every client using this SSID. If you want to further limit a specific client, you would set additional rate limits for this specific client. Note that you can only reduce rate limits on a per-user base if default (SSID) limits are in place, but you cannot increase those default limits on a per-user base. The controller will use the minimum rate limits of SSID and client limits if both are given.
Second question: in that scenario (wifi with simple password) does the OC200 logs all the connected mac addresses with associated local ip and for how much time? (in case i need to give it to the police)
Omada controller saves a summary of all clients with their MAC address, but not with their IP. You can define how long to keep client statistics. Possible values are 7 days, 30 days, 60 days, 90 days, 180 days or 365 days.
Regarding the IP: why should an IP be given to the police? What could the police do with a private IP which is shared between many users over the time? Law enforcement can't investigate anyone because of a private IP, since those IPs do not appear anywhere outside the local network. Similar with the MAC. If they don't know the MAC from someone's device beforehand, they also can't investigate anyone because of the MAC. The MAC does also not appear anywhere outside the local network.
It's the MAC of your router resp. cable modem which appears in your ISP's network and an ISP can therefore investigate you using this MAC in the ISP's network. Similar with the IP: it's your router's IP which appears in the ISP's network and which is translated to a public IP appearing in the Internet. The ISP can investigate you using a public IP at a given time. All clients in your WLAN will use your public IP from the ISP's point of view.
Just out of curiosity: which country is it where law enforcement demands to hand out private IPs from devices inside a local network?
- Copy Link
- Report Inappropriate Content
Thank you!!!
In response to the police question, i live in Italy and your considerations are technically right, the question is pointless. If i enforce the Facebook portal, people using smartphones can authenticate through the facebook app or do they need to enter user/password in a browser page?
- Copy Link
- Report Inappropriate Content
TodNeykos wrote
If i enforce the Facebook portal, people using smartphones can authenticate through the facebook app or do they need to enter user/password in a browser page?
According to the Omada Controller User's Guide they will be redirected to the Facebook page configured in the portal. Thus, no change for FB to sniff phone number or IMEI through their app. But they have the username of your clients and almost certainly the client's phone number in their database.
Is data miner FB still popular in Italy? In our country people left FB when papà e mamma send them friend requests ...
- Copy Link
- Report Inappropriate Content
Thank you but my question was, if the customer uses a smartphone, can the checkin on the facebook page be done "by the yet authenticated facebook app" (ie. giving permission to facebook app instead of writing down and having to remember facebook user/password)?
I ask this because 99% of the customers will not remember their facebook password at the moment they check in!
And yes, is still one of the most used socials here in Italy
- Copy Link
- Report Inappropriate Content
TodNeykos wrote
if the customer uses a smartphone, can the checkin on the facebook page be done "by the yet authenticated facebook app"
I don't know, I never used Facebook nor FB authentication.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 3627
Replies: 7
Voters 0
No one has voted for it yet.