Single WLAN with dynamic VLAN rate limiting

  • 1
  • Question
  • Updated 3 weeks ago
  • Answered
We have an SSID setup with 802.1x authentication. The Virtual Smart Zone places you in the correct VLAN (Dynamic vlan) depending on your group membership. We want to rate limit one of the VLANs. What is the best solution and is this possible?
Photo of Stephen Radelicki

Stephen Radelicki

  • 1 Post
  • 0 Reply Likes

Posted 3 months ago

  • 1
Photo of Marcus Burton

Marcus Burton, Official Rep

  • 14 Posts
  • 8 Reply Likes
The best way to accomplish this is to use SmartZone role-based policy. When you get group membership (group attribute) from RADIUS, you can use that attribute to assign the user/device to a role, which has a User Traffic Profile (UTP) assigned to it. That UTP can contain L3-7 policies as well as rate limiting. Configuration steps are as follows:
  1. create a UTP with the rate limit policy (you can also do this from the role context, so it's an easier UI flow)
  2. create a role and tie that UTP to it
  3. configure your attribute-to-role mapping within the AAA server profile 
Photo of Jeronimo

Jeronimo

  • 174 Posts
  • 19 Reply Likes
Marcus is perfectly conrrect.

And You must prepare ruckus VSA on ruckus server.




 It must also send VSA with auth-accept-packet on Radius server.


Then STRING into Ruckus-vsa and Role including UTF and VLAN is bound on vSZ.

Thanks.
Photo of Cicalon

Cicalon

  • 3 Posts
  • 0 Reply Likes
Hi guys. I have similar issue. One SSID, dynamic vlan with 10 vlans. In each vlan I will have max 5 users. I want to apply rate limit for vlan: 10 Mbps for vlan1, 20 Mbps for vlan2, 30 Mbps for vlan3 and so on. Rate limit I want is for entire vlan, not for single user. I followed Marcus's suggest and I think in point 3 he indicates to create many User Traffic Profile mapping. Group attribute has the same name of group greated on radius server.



After that, do I need to add some configurations on radius server or ruckus SZ? I cannot undestand the indications of Jeronimo. 

Thank you!