We want to limit the users' Internet usage on a daily traffic basis but not the local network bandwidth. Our users are on different platforms (Windows, Android, iOS), therefore it is not possible to force any policies by e.g. Active Directory, and if it were possible, it would limit the whole bandwidth. The only way that remains is to do the limitation on an IP basis at the edge of the network. This is possible using MikroTik or other firewalls. But the problem is that users can change their IPs when the limit is reached, and they can continue using the Internet bandwidth. So the idea was to make sure that users can only pass when their MAC address and the IP assigned through our DHCP server match. This should be possible in Cisco switches and could be done on the core switch. I think I have read something about the connection between Cisco switches and the DHCP server.
The question is: how is this possible, or is there any other solution that might be easier and more efficient?
We use APs, Cisco 2960 switches, and a Cisco 4500 as the core switch. Our DHCP is FreeBSD but we are willing to change if it is needed. The authentication method for our APs is 802.1x.
EDIT:
We tried a solution using a RADIUS server, which gave us the possibility to know how much traffic was used by each user (through port 1812/1813), but the problem was that the only way to limit the user is to not allow him to connect when his limit is reached. That means that until the user reconnects, he is able to download without any restriction.
We also thought of a proxy server as a solution, but we had two problems:
- We had performance issues with Squid, and installing Squid as a transparent proxy is too much work.
- Other proxies also had performance issues, and those that performed well didn't have the feature to be used as a transparent proxy.