1. Overview
Custom policies are used to restrict the traffic with specific IP addresses based on the smart flow control function,thereby meeting the bandwidth requirements of specific users or servers. When you create a custom flow control policy, you can flexibly configure the limited user range, the bandwidth limit, the limited application traffic, and the ratelimit mode. When a custom policy is enabled, it takes precedence over the smartflow control configuration.
Custom policies fall into common policies and VPN policies.
Common policies include the custom policies configured on the Eweb or Ruijie Cloud and the flow control policies configured on Ruijie Cloud for authentication accounts. Common policies manage common traffic.
Common policies and VPN policies are used tomanage common traffic and VPN traffic, respectively.
2. Getting Started
Before you configure a custom policy, enablesmart flow control first. For details, see: community.ruijienetworks.com/forum.php?mod=viewthread&tid=7935&extra=page%3D1
3. Configuration Steps
Choose One-Device >Gateway > Config > Behavior>Flow Control > Custom Policy.
(1) Set Policy Type.
*Note
The flow control policies configured on Ruijie Cloud and Eweb are displayed in the Normal Policy list. The flow control policies for authentication accounts configured on Ruijie Cloud cannot be edited or deleted on Eweb. You can only enable or disable these policies and change the priority of them. (2) (Optional) Switch the application library
*Note
This feature is only supported on RG-EG105G-V2and RG-EG210G. - The application lists vary in different regions. The Chinese and International versions of the application library are provided. Please select the version based on the regions.
- Click to select Application Library Version and click OK. The version is switched after a few minutes.
*Caution
- It takes about one minute to switch the application library version. Please wait.
- If you switch the application library, the template of the application priority will be reset, and the old application control policy may be inactive. Please proceed with caution.
(3)Set a custom policy
Set Policy Type to Normal Policy and click Add tocreate a custom flow control policy.
a. Set a custom policy.
You can setup to 30 custom common policies, including the custom policies configured on Eweband Ruijie Cloud.
You can setup to 20 flow control policies for authentication accounts on Ruijie Cloud. TheEweb only displays these policies.
b. Configure items related to a common policy
Table 1-1 Configuration of a Custom Policy
Parameter | Description | Policy Name | A policy name uniquely identifies a custom flow control policy. It cannot be modified. | Type | The type of a flow control policy can be set to the following:
>User Group: Indicates that the policy is applied to users in a specified user group. You need to select a user group to be managed.
>Custom: Indicates that the policy is applied to users in a specified IP address segment. You need to manually enter the IP address range to be managed. | User Group | Select a user to be managed by the policy from the user group list.
If you select all members of a user group, the policy takes effect on the entire user group (it also takes effect on members added to the user group later).
This parameter is required when Type is set to User Group. | IP/IP Range | Specify the IP address range for the flow control policy to take effect. When Type is set to Custom, enter the IP address manually. You can enter a single IP address or an IP address segment.
This parameter is required when Type is set to Client.
The IP address range must be within a LAN segment.
You can choose One-Device > Gateway > Monitor > Ethernet status to check the network segment of the current LAN port. For example, the network segment of the LAN port shown in the figure below is 192.168.2.0/24.
| Bandwidth Type | >Shared: Indicates that all users in a user group (all IP addresses in an address range) share the configured uplink and downlink bandwidths, and the bandwidth of a single user is not limited. l >
Independent: Indicates that all users in a user group (all IP addresses in an address range) share the configured uplink and downlink bandwidths, and the maximum bandwidth of a single user can be limited. | Application | When Bandwidth Type is set to Shared, the flow control policy can be configured to take effect only on specified applications.
>All Applications: Indicates that the flow control policy takes effect on all applications in the current application library.
>Custom: Indicates that the flow control policy takes effect only on specified applications in the application list.
>Application Group:Indicates that the flow control policy takes effect only on specified applications in the application list.
When Bandwidth Type is set to Independent, some models do not support application selection and the flow control policy takes effect on all applications in the current application library by default.
For the models, contact technical support engineers. | Application List | When Application is set to Custom, it specifies the applications, on which the policy takes effect. The traffic of the selected applications is subject to the policy. | Application Group | When Application is set to Application Group, it specifies the application groups, on which the policy takes effect. The traffic of the selected application group is subject to the policy.
| Channel Priority | Specify the traffic guarantee level. The value range is from 0 to 7. A smaller value indicates a higher priority and the value 0 indicates the highest priority.
Different traffic priority values correspond to different application groups in an application template. 2 indicates the key group, 4 indicates the normal group, and 6 indicates the suppression group.
| Bandwidth Limit | Configure whether to limit the bandwidth.
>Limit Kbps: You can set the uplink and downlink bandwidth limits as needed.
>No Limit: When the bandwidth is sufficient, the maximum bandwidth is not limited. When the bandwidth is insufficient, the minimum bandwidth cannot be guaranteed. | Uplink Bandwidth | Configure the data transmission rate in uploading, in Kbps. It includes Limit-at, Max-Limit, and Max-Limit per User.
>Limit-at: Specifies the minimum bandwidth that can be shared by all users when the bandwidth is insufficient.
>Max-Limit: Specifies the total maximum bandwidth that can be occupied by all users when the bandwidth is sufficient.
>Max-Limit per User: Specifies the maximum bandwidth that can be occupied by each user when multiple users share the bandwidth. It is optional and can be configured only when >Bandwidth Type is set to Independent. The rate is not limited by default. | Downlink Rate | Configure the data transmission rate in uploading and downloading, in Kbps. It includes Limit-at, Max-Limit, and Max-Limit per User.
>Limit-at: Specifies the minimum bandwidth that can be shared by all users when the bandwidth is insufficient.
>Max-Limit: Specifies the total maximum bandwidth that can be occupied by all users when the bandwidth is sufficient.
>Max-Limit per User: Specifies the maximum bandwidth that can be occupied by each user when multiple users share the bandwidth. It is optional and can be configured only when Bandwidth Type is set to Independent. The rate is not limited by default. | Interface | Specify the WAN port, on which the policy takes effect. When it is set to All WAN Ports, the policy will be applied to all WAN ports.
| Enabled | Set whether to enable the flow control policy. If it is disabled, the policy does not take effect.
| *Caution
After switching the application library version, you may need to reconfigure the application list. c. Click OK. a. Set Policy Type to VPN Policy and click Add tocreate a custom VPN flow control policy. A maximum of 10 VPN policies can be configured.
b. Configure items related to a VPN policy
Table 1-2 Configuration of a Custom VPN Policy
Parameter | Description | Policy Name | A policy name uniquely identifies a custom flow control policy. It cannot be modified. | Type | The type of a flow control policy can be set to the following:
>User Group: Indicates that the policy is applied to users in a specified user group. You need to select a user group to be managed.
>Custom: Indicates that the policy is applied to users in a specified IP address segment. You need to manually enter the IP address range to be managed. | User Group | Select a user to be managed by the policy from the user group list.
If you select all members of a user group, the policy takes effect on the entire user group (it also takes effect on members added to the user group later). This parameter is required when Type is set to User Group. | IP/IP Range | Enter an IP address or IP range manually. This parameter is required when Type is set to Client. | Effective User | Specify the type of effective users. It can be set to the following:
>Internal IP/User: For a gateway, IP addresses of clients connected to the gateway are internal IP addresses.
>External IP/External User: For a gateway, non-gateway internal IP addresses are external IP addresses.
The configuration suggestions are as follows:
1. When clients are configured to control VPN traffic, select Internal IP/ User to control the traffic of internal network users. When the VPN server is configured to control the VPN traffic, select External IP/External User to control the traffic of external network users.
2. For the VPN of the NAT model, the external IP address of the server must be in the IP address segment of the VPN address pool.
3. For the VPN in router mode, the IP address segment must be set to IP addresses of restricted users. For the VPN in router mode, to configure flow control on internal IP addresses of clients, set internal IP addresses to the IP addresses of the flow control objects.
Note: The external IP address configured by the Open VPN server is the IP address of the address pool. The internal IP address configured by the client is the actual IP address of the client. | Application | When Bandwidth Type is set to Shared, the flow control policy can be configured to take effect only on specified applications.
1. All Applications: Indicates that the flow control policy takes effect on all applications in the current application library.
2. Custom: Indicates that the flow control policy takes effect only on specified applications in the application list.
3. Application Group: Indicates that the flow control policy takes effect only on specified application groups. The traffic of applications involved in the application group is subject to the policy.
When Bandwidth Type is set to Independent, some models do not support application selection and the flow control policy takes effect on all applications in the current application library by default.
For the models, contact technical support engineers. | Application List | When Application is set to Custom, it specifies the applications, on which the policy takes effect. The traffic of the selected applications is subject to the policy.
| Application Group | When Application is set to Application Group, it specifies the application group, on which the policy takes effect. The traffic of the selected application group is subject to the policy.
| Bandwidth Limit | Configure whether to limit the bandwidth.
>Limit: You can set uplink and downlink bandwidth limits as needed.
>No Limit: When the bandwidth is sufficient, the maximum bandwidth is not limited. When the bandwidth is insufficient, the minimum bandwidth is not guaranteed. | Uplink Bandwidth | Configure the maximum uplink bandwidth shared by VPN users matching the policy in Kbps.
When the bandwidth is shared by multiple users, you can also set the maximum uplink bandwidth per user in Kbps. The uplink bandwidth is not limited by default. Note: The parameter is valid when Bandwidth Limit is set to Limit Kbps.
| Downlink Rate | Configure the maximum downlink bandwidth shared by VPN users matching the policy in Kbps.
When the bandwidth is shared by multiple users, you can also set the maximum downlink bandwidth per user in Kbps. The downlink bandwidth is not limited by default.
Note: The parameter is valid when Bandwidth Limit is set to Limit Kbps.
| Interface | Specify the VPN port, on which the policy takes effect. When it is set to All VPN Ports, the policy will be applied to all VPN ports.
| Enabled | Set whether to enable the flow control policy. If it is disabled, the policy does not take effect.
| c Click OK.
(4) View Custom Policies
The currentcustom policies are displayed in the PolicyList section. You can modify and delete a custom policy. To delete multiplecustom policies in a batch, select the desired policies and click Delete Selected.
○Normal policy list
○VPN policy list
Table 1-3 Policy list information
Parameter
| Description
| Application List | The Application List contains the applications to which the policy is valid. If the Application Library matches with the Application that is set to Custom andsupported by the policy, is displayed in the Application List. If not, is displayed. | Status
| Indicate whether the current policy is enabled. You can click to edit the status. If the Application Library does not match with the Application that is set to Custom and supported by the policy, you cannot edit the Status directly. Please click Edit in the action bar to edit the policy or switch the application library.
| Effective State
| Indicate whether the policy is effective in the current system. If Inactive is displayed, check whether the policy is enabled, whether the policy-enabled port exists, and whether the Application Library matches with the Application to which the policy is valid.
| Match Order
| All the created custom policies are displayed in the policy list, with the latest policy listed on the top. The device matches the policies according to their sorting in the list. You can manually adjust the policy matching sequence by clicking or in the list.
| Action
| You can modify and delete the custom policy.
|
|