Choosing between Unifi CP and pfSense CP

Greetings all. I hope this is the correct subforum for this.

I’m helping out with a seasonal campground that offers free wifi to its guests.

All of client facing APs are Unifi AC units. There’s about 50 APs deployed and at peak, there are about 1200 devices on the network during the summer.

Right now everyone goes through a PatronSoft FirstSpot Captive Portal which has exhibited some
performance issues during peak times, so this system is the first one that is going to be replaced.

Currently all users authenticate with the captive portal either via user/pass for permanent campers or through a voucher code for temporary campers. Both the user/pass and voucher codes can be used multiple times as they are assigned to be used per-family. We’re not concerned about credentials being shared as it’s currently not something that appears to be happening.

Right now all users are being grouped into a 10mb/sec down, 5 mb/sec up limiter.

We would also like to implement extended / dynamic rate limiting controls on users that download X amount of data within a set time period ie: X GB downloaded within 7, 14, 30 days.

The Unifi CP is one option we’re looking at, as it seems to integrate nicely into the Unifi controller and seems to provide decent insights into per-client bandwidth and cumulative data usage.

The other option we’re looking at is using pfSense for CP. While the pfSense CP is easy enough to setup, the ability to easily determine “greedy” users is harder to determine compared to the Unifi CP.

Is there anyone here who has experience with both the Unfii CP and pfSense CP that could offer up some pros and cons to either system?

Thanks.

– Steve

Just an observation, for greedy users what will you do ? Cut them off / limit their speed / downloads? (sounds more trouble than it’s worth).

I’d imagine the user would seek another token to “fix” their wifi.

The traffic shaping options in pfSense might be useful to you, but looks pretty involving.

The details of “what” will be done are still TBD. For now, just being able to easily observe and identify heavy bandwidth / data users would a good start. Being able to report something like “top 10 downloaders” for periods such as 1, 7, 30 days would be a useful.

Been a while since I have set that up but you should be able to set up the pfsense captive portal with FreeRadius and have per client quotas. Mostly we bandwidth limit for these scenarios and nothing more.

I’m ok with setting up rate limiting via freeradius. What I’m having trouble with is finding an elegant way to view the accounting data.