Back to Home

Case Study

Zero-Touch Bandwidth Automation

A 67-unit Manhattan commercial building

Deployed in 3 hours

0

Tenant Ports

Managed across 4 network switches

0

Traffic Rules

Automated bandwidth enforcement

0

Hours Saved

Per month of manual work eliminated

0

Manual Steps

Fully automated monthly reporting

The Challenge

A 67-unit Manhattan commercial building offered tiered internet service to tenants -- but had no automated way to enforce bandwidth limits or audit usage. The building manager spent 15+ hours each month manually logging into 4 network switches, pulling per-port statistics, cross-referencing against a pricing spreadsheet, and compiling billing data. Errors were common. Tenant disputes were frequent. Revenue leaked through the gaps.

Network automation architecture

The Solution

Element Zero built a zero-touch automation system that authenticates to the building's UniFi network infrastructure (cloud controller + UDM Pro Max gateway), collects per-tenant bandwidth data across all 4 switches and 67 ports, enforces tiered bandwidth limits via traffic rules, and delivers a formatted billing report to the property manager's billing platform via webhook -- every month, automatically.

The system handles dual-controller architecture with different authentication methods (MFA on cloud controller, direct auth on gateway), manages 25 traffic rules for upload/download enforcement, and implements inter-VLAN isolation to prevent cross-tenant network access.

The Result

The building owner receives automated billing data on the 1st of every month with zero manual effort. Bandwidth enforcement is consistent and auditable. The 15 hours of monthly manual work has been permanently eliminated. Billing accuracy improved from approximately 85% to 100% -- every port, every tenant, every month.

Under the Hood

Dual-Controller Authentication

Two-step MFA authentication against cloud-hosted UniFi controller (UBIC_2FA cookie flow) plus single-step TOTP authentication against the local UDM Pro Max gateway. Automated TOTP code generation from seed -- no manual entry required.

Per-Tenant Bandwidth Enforcement

67 room ports configured with egress rate limits across 4 managed switches. 25 traffic rules on the UDM Pro Max gateway enforcing both upload and download limits per VLAN, mapped to the building's tiered pricing structure.

Inter-VLAN Isolation

Two firewall rules on the UDM Pro Max: accept established/related connections, drop all RFC1918-to-RFC1918 traffic. Tenants cannot see or access each other's networks.

Sample Webhook Payload

{
  "building": "Manhattan Commercial Property",
  "report_date": "2026-03-01",
  "total_ports": 67,
  "switches": 4,
  "traffic_rules": 25,
  "tenants": [
    {
      "unit": "Suite 301",
      "port": "Port 5",
      "download_limit_mbps": 50,
      "upload_limit_mbps": 25,
      "tier": "Premium"
    }
  ]
}

Architecture

Cloud Controller (134.x.x.x) manages all switches and APs. UDM Pro Max (192.168.x.x) handles gateway routing, firewall rules, and traffic rules. Automation script authenticates to both, collects data, and pushes to Make.com webhook for billing platform integration.

Have a similar challenge?

We'll assess your operations and show you exactly where automation can eliminate manual work.

Get Your Free Assessment