Is it possible to limit bandwidth for specific client?

[Flyview]

Hey guys,

I have an Asus N66U router and I've been using the Merlin build which is great. I've been trying to find an option to limit the bandwidth specific clients on the Wifi or for the "Guest" access. We have a tenant sharing our internet and I'd rather not let him access the full bandwidth so that we don't go over. The best I've found is playing with the QoS rules but that doesn't apply it only to a specifc IP or the guest network.

Is something like this possible?

Thanks,

Flaviu

 

[Calisro]

one way:

tc qdisc add dev tun12 parent root handle 1: hfsc default 11
tc class add dev tun12 parent 1: classid 1:1 hfsc sc rate 50mbit ul rate 50mbit
tc class add dev tun12 parent 1:1 classid 1:11 hfsc sc rate 49000kbit ul rate 49000kbit
tc class add dev tun12 parent 1:1 classid 1:12 hfsc sc rate 40kbit ul rate 40kbit
tc qdisc add dev tun12 parent 1:11 handle 11:1 pfifo
tc qdisc add dev tun12 parent 1:12 handle 12:1 pfifo
iptables -t mangle -I FORWARD 1 -s 10.100.1.16 -j CLASSIFY --set-class 1:12
iptables -t mangle -I FORWARD 1 -s 10.100.1.15 -j CLASSIFY --set-class 1:12


my example was with tun12.... You set the default and put the "other" client in a different class.

 

[Flyview]

one way:

tc qdisc add dev tun12 parent root handle 1: hfsc default 11
tc class add dev tun12 parent 1: classid 1:1 hfsc sc rate 50mbit ul rate 50mbit
tc class add dev tun12 parent 1:1 classid 1:11 hfsc sc rate 49000kbit ul rate 49000kbit
tc class add dev tun12 parent 1:1 classid 1:12 hfsc sc rate 40kbit ul rate 40kbit
tc qdisc add dev tun12 parent 1:11 handle 11:1 pfifo
tc qdisc add dev tun12 parent 1:12 handle 12:1 pfifo
iptables -t mangle -I FORWARD 1 -s 10.100.1.16 -j CLASSIFY --set-class 1:12
iptables -t mangle -I FORWARD 1 -s 10.100.1.15 -j CLASSIFY --set-class 1:12


my example was with tun12.... You set the default and put the "other" client in a different class.

Thanks. That's interesting. And where does all this go? Was all that setting up class 12 and putting the "other" in it? Is the default class 11 in this case?

 

[RMerlin]

FYI, Asus is implementing a bandwidth limiter in future firmware releases. It's already available in recent public beta releases for the RT-AC87U and RT-AC3200 (but still a work-in-progress).

 

[Flyview]

FYI, Asus is implementing a bandwidth limiter in future firmware releases. It's already available in recent public beta releases for the RT-AC87U and RT-AC3200 (but still a work-in-progress).

Sweet thanks! I'm sure it will make its way into your builds?

 

[RMerlin]

Sweet thanks! I'm sure it will make its way into your builds?

Yes. I don't know yet which specific router models will gain that feature, and note that it's an alternative QoS mode, so you can't run QoS at the same time as the bandwidth limiter.

 

[Flyview]

Yes. I don't know yet which specific router models will gain that feature, and note that it's an alternative QoS mode, so you can't run QoS at the same time as the bandwidth limiter.

Alright. Until then do you recommend Calisro's way above and can you point me to any sort of guide at all?

 

[Calisro]

Thanks. That's interesting. And where does all this go? Was all that setting up class 12 and putting the "other" in it? Is the default class 11 in this case?

I put it in firewall-start when I need it.

You need to be careful and set up the default first. Order is very important even when testing. Make sure it works for you BEFORE you put in any startup.

class 11 is the default. It has almost all the bandwidth.
class 12 is given only dl 40kbit ul rate 40kbit (I made this REALLY small just for testing).

Then these assign specific IPs to class 12.

iptables -t mangle -I FORWARD 1 -s 10.100.1.16 -j CLASSIFY --set-class 1:12
iptables -t mangle -I FORWARD 1 -s 10.100.1.15 -j CLASSIFY --set-class 1:12

This is NOT as good as real QOS but works in a pinch.

 

[kvic]

There is a similar thread outside. With a more elaborate use of tc. Limit a client seems a special case of that..

 

[coldkick]

Yes. I don't know yet which specific router models will gain that feature, and note that it's an alternative QoS mode, so you can't run QoS at the same time as the bandwidth limiter.

Does HW Accel. work the bandwidth limiter?

 

[RMerlin]

Alright. Until then do you recommend Calisro's way above and can you point me to any sort of guide at all?

Can't help you, I'm not familiar with Linux's traffic classifier.

 

[RMerlin]

Does HW Accel. work the bandwidth limiter?

Yes (only CTF, not FA).

 

[Flyview]

I put it in firewall-start when I need it.

You need to be careful and set up the default first. Order is very important even when testing. Make sure it works for you BEFORE you put in any startup.

class 11 is the default. It has almost all the bandwidth.
class 12 is given only dl 40kbit ul rate 40kbit (I made this REALLY small just for testing).

Then these assign specific IPs to class 12.

iptables -t mangle -I FORWARD 1 -s 10.100.1.16 -j CLASSIFY --set-class 1:12
iptables -t mangle -I FORWARD 1 -s 10.100.1.15 -j CLASSIFY --set-class 1:12

This is NOT as good as real QOS but works in a pinch.

Thanks. Where are all these commands entered? Is there a console I've missed in the router pages?

 

[Calisro]

Thanks. Where are all these commands entered? Is there a console I've missed in the router pages?

you can use the /jffs/scripts/firewall-start script but make sure you have them right and tested before you put them jn there. there isnt a gui. you'd use ssh or telnet