All traffic not passing through Hotspot?

I have a small wireless network served by consumer satellite
access that serves a small number of users in a few cabins.
These users log in at specific times of the day using a Hotspot
login. As the bandwidth allocation for the satellite connection
is small, I have Hotspot set up to deny them access if they
reach a certain amount for a given day. The counters reset at
midnight and the cycle repeats.

This had been working well until recently. If they hit the
limit (which happens only rarely), the login displays a msg. that
they will have to try again tomorrow.

A few days ago, the upload total (per the tracking app for the
satellite connection) started rising dramatically, even though
the counters for Hotspot showed no corresponding increase and
there were no users shown in the hotspot>>Active window.

I finally figured out that two Apple devices that were connected
to the network but not logged in via Hotspot were the culprits
because as soon as I added them to the MAC exclusion list for
the AP they were connected to, the “mystery” upload stopped.

So, I have a couple of questions:

Is it possible for a device to generate traffic on a network
just by being connected to an AP and WITHOUT actually being logged
in via the Hotspot page? Can this traffic actually get out
through the gateway and add to the total usage without incrementing
the Hotspot counters?

I suspect this is true - when researching the problem, I have found
information that Apple devices are truly evil in their use of the
Internet even when the user has just left it turned on and sitting
on a table. All kinds of dumb music library syncing and other
stuff. This may be a specific app installed on one or the other
of these devices that’s doing this as I have had many other Apple
devices on the network before and this never happened.

Any pointers on how to block this traffic? I have some info on
specific ports Apple uses, and will probably implement some of that,
but wanted to see if you folks had some experience here. All I
want to allow these folks to do is check their email and do a small
amt. of Web browsing. I have already blocked stuff like video
streaming, etc.

Is there any way to have a limit on ALL traffic passing through
eth2-master and shut it down similar to what Hotspot does?

It has been no fun at all needing to pay so much attention to the
network over the past few days and manually manipulate things. I
need it to take care of itself.

Thanks for your input.