linux
Talyan, 2019-09-02 16:23:13

How is subscriber Internet via Wi-Fi usually implemented?

To make it clearer, I will first describe what I am trying to achieve, and then I will specify the questions.
There are subscribers who connect to the access point. MAC addresses are predefined somewhere, and based on them the subscriber is put into the VLAN defined for him. Separate VLANs are needed to differentiate tariff rates.
Subscribers are divided into groups (families), each family has its own tariff and speed limit.
How it is implemented now:
Debian, on which IPoE sessions are raised on virtual interfaces.
Each subscriber has its own VLAN of the form VLAN2XXX, VLAN2YYY, VLAN2ZZZ, and each such interface receives a dynamic IP from the BRAS and, accordingly, a speed limit corresponding to the tariff.
Next, paired VLANs are created on Debian, which correspond to subscribers: VLANXXX, VLANYYY, VLANZZZ.
Forwarding and routing are configured between each pair of VLAN2XXX-VLANXXX, VLAN2YYY-VLANYYY, VLAN2ZZZ-VLANZZZ.
The paired interfaces VLANXXX-VLAN2XXX, etc. are needed only so that VLAN2XXX receives Internet at a certain rate from the BRAS via DHCP over IPoE, while on the paired VLANXXX interface a separate DHCP server with a separate pool of addresses is raised, and this speed is shared among several addresses in the family (not given to a single Wi-Fi device).
All the paired VLANXXX, VLANYYY, VLANZZZ are packed with QinQ into one VLAN, leave the Debian network interface, enter the network and reach the terminal switch in the building, where they are unpacked on the switch port into separate VLANXXX, VLANYYY, VLANZZZ, and MAC-VLAN (which is entered manually for each MAC) assigns certain MACs to certain VLANs. The MACs arrive at this switch from a nearby access point (the most ordinary one), on which DHCP is disabled.
There is also a separate guest VLAN for MACs that are not registered in the MAC-VLAN table. They are put into a separate VLAN where a page with authorization and an offer to register pops up.
That is, there are a lot of families with their own tariffs, their devices are grouped into VLANs, and each such family VLAN has its own tariff.
I somehow do not like this scheme, even though it works.
Question 1: Maybe someone knows a more elegant way to solve this problem? Maybe there are not very expensive access points that can do both MAC-based VLAN and QinQ at the same time?
Question 2: Can this be implemented in a very simple way, and am I reinventing the wheel?
Question 3: Has anyone worked with such things and can suggest ready-made solutions?
If, after reading this, you ask why this is necessary, I will answer: well, damn it, that's it :)


3 answer(s)
Andrey Barbolin, 2019-09-02
@dronmaxman

How about a variant with iptables?
Assign IP addresses to the clients, write a rule in iptables PREROUTING that marks packets of the same family in the same way, and set a limit in FORWARD based on that mark.
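
The marking scheme described in the answer above, as an added example that is not part of the original answer: a dry-run generator that prints the iptables commands for a constructed family plan and applies nothing. The family ids, rates, addresses, mark numbering (id*2 for upload, id*2+1 for download) and hashlimit bucket names are assumptions; hashlimit is used here as one way to set the limit, and it drops excess packets rather than shaping them.

```shell
#!/bin/sh
# Dry run only: prints iptables commands, changes nothing on the host.
# Constructed sample plan: family id, rate cap, comma-separated client IPs.
# Assumes clients cannot choose their own address (static leases upstream),
# otherwise a source-IP based mark says little about who sent the packet.
PLAN='1 2048kbyte/s 10.10.0.11,10.10.0.12,10.10.0.13
2 5120kbyte/s 10.10.0.21,10.10.0.22'

gen_family_rules() {
    # $1 = plan text, one family per line
    while read -r id rate ips; do
        [ -n "$id" ] || continue
        case "$id" in *[!0-9]*) echo "bad family id: $id" >&2; return 1 ;; esac
        [ -n "$rate" ] && [ -n "$ips" ] || { echo "incomplete line: family $id" >&2; return 1; }
        up=$((id * 2)); down=$((id * 2 + 1))   # one fwmark per family and direction
        # Label: every address of the family gets the same mark
        # (iptables expands a comma-separated list into one rule per address).
        echo "iptables -t mangle -A PREROUTING -s $ips -j MARK --set-mark $up"
        echo "iptables -t mangle -A PREROUTING -d $ips -j MARK --set-mark $down"
        # Limit: without --hashlimit-mode all marked packets share one bucket,
        # so the cap applies to the family as a whole, not to each device.
        echo "iptables -A FORWARD -m mark --mark $up -m hashlimit --hashlimit-name fam${id}_up --hashlimit-above $rate -j DROP"
        echo "iptables -A FORWARD -m mark --mark $down -m hashlimit --hashlimit-name fam${id}_down --hashlimit-above $rate -j DROP"
    done <<EOF
$1
EOF
}

gen_family_rules "$PLAN"
```

Review the printed rules before running them as root; traffic between two families is marked by whichever PREROUTING rule matches last.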

iddqda, 2019-09-02
@iddqda

Sorry, I didn’t understand why you need dual VLANs and
you probably have a lot of QinQ points. To control them you need a controller.
Normal points with a controller enforce the set speed themselves.
And then in the wired environment you can put everyone in one VLAN and issue DHCP from a common pool.
As an example of an inexpensive and quite mature solution, look at Unifi.
The points are reasonable, the controller is free. It allows you to make user groups, speed limits, and different types of authorization. It supports an external captive portal. There is a RESTful API and libraries for Python and JS.

WERA34, 2019-10-30
@WERA34

Now the most powerful Internet in transport is Fiway, it really pulls 50 passengers at the same time and the switch is from operator to operator, in different countries, very cool
