engineertote
Member Candidate
Topic Author
Posts: 177
Joined: Tue May 19, 2009 1:36 pm

Block Mikrotik PPPoe client

Sat Mar 24, 2012 12:14 pm

Hi

I have a PPPoE server providing home user services. The problem is that some people configure a PPPoE client on MikroTik and, by using PCC load balancing, they can get more than one PPPoE client as their WAN side, and on the LAN side they configure a PPPoE server, and they are using their full bandwidth limit continuously, and this congests my network.

The questions here:

Can I block all users using the MikroTik PPPoE client?
Can I block or reduce the traffic for users who run a continuous load for a specific time?

Thanks
 
mistry7
Forum Guru
Posts: 1480
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: Block Mikrotik PPPoe client

Sat Mar 24, 2012 11:09 pm

Hi,

So you use Userman?
Do you allow your users to do multiple connections
with one Userman/password set?

Mistry7
 
jandafields
Forum Guru
Posts: 1515
Joined: Mon Sep 19, 2005 6:12 pm

Re: Block Mikrotik PPPoe client

Sun Mar 25, 2012 10:13 pm

[quote="mistry7"]
Hi,

So you use Userman?
Do you allow your users to do multiple connections
with one Userman/password set?

Mistry7
[/quote]

Correct, make sure you "only allow 1" pppoe connection per user... then they cannot make multiple connections.
 
engineertote
Member Candidate
Topic Author
Posts: 177
Joined: Tue May 19, 2009 1:36 pm

Re: Block Mikrotik PPPoe client

Mon Mar 26, 2012 1:46 pm

I already did, and it's OK, only one connection, but my problem is that the user connects with only one user through the PPPoE client, configures his LAN as DHCP and connects multiple PCs to his DHCP server, and this will put a continuous load on the user.

What I want to do is:

either disable users with continuous load or reduce their load,
or disable the users in the MikroTik MAC address range so they cannot connect using a PPPoE client.

[quote="jandafields"]
[quote="mistry7"]
Hi,

So you use Userman?
Do you allow your users to do multiple connections
with one Userman/password set?

Mistry7
[/quote]

Correct, make sure you "only allow 1" pppoe connection per user... then they cannot make multiple connections.
[/quote]
 
jandafields
Forum Guru
Posts: 1515
Joined: Mon Sep 19, 2005 6:12 pm

Re: Block Mikrotik PPPoe client

Mon Mar 26, 2012 4:38 pm

Disable the MikroTik PPPoE client??? What good would that do? Any consumer router from Walmart can connect to PPPoE and then you can connect multiple PCs to that. It doesn't require a MikroTik router to connect multiple PCs to a single PPPoE connection.

You are giving 1 PPPoE connection to your customer. Basically, they are going to use multiple PCs with that connection, period. That's the normal thing to do these days.

What you should be looking at is QoS on your main router for your customers. Set up PCQ or rate limiting/bursting or whatever method of the many available so you can ensure that everyone gets a fair share of bandwidth. Trying to force 1 PC per connection isn't going to be a solution.
 
mistry7
Forum Guru
Posts: 1480
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: Block Mikrotik PPPoe client

Mon Mar 26, 2012 7:16 pm

Hi,

I think you have a major problem in your network.
This is not a problem with the MikroTik client; this can be done with all routers with PPPoE.

a) you don't have enough backbone power (bandwidth)

b) you have an administration problem (no ability to limit (queues) your users)

or

c) Both

mistry7
 
engineertote
Member Candidate
Topic Author
Posts: 177
Joined: Tue May 19, 2009 1:36 pm

Re: Block Mikrotik PPPoe client

Mon Mar 26, 2012 11:05 pm

Thanks. Regarding the QoS, I correctly configured the queues for users, and regarding the bandwidth, yes, it's congested, and that's why I'm trying to prevent users with continuous load from using a PPPoE client and multiple PCs on their DHCP.

And why only MikroTik: because the people in my country only use it, and use PCC load balancing with 2 or 3 users and eat the bandwidth.

I'm trying a bridge filter but still no success.

[quote="mistry7"]
Hi,

I think you have a major problem in your network.
This is not a problem with the MikroTik client; this can be done with all routers with PPPoE.

a) you don't have enough backbone power (bandwidth)

b) you have an administration problem (no ability to limit (queues) your users)

or

c) Both

mistry7
[/quote]
 
jandafields
Forum Guru
Posts: 1515
Joined: Mon Sep 19, 2005 6:12 pm

Re: Block Mikrotik PPPoe client

Mon Mar 26, 2012 11:25 pm

This has nothing to do with your users using PCC. If your users are using too much bandwidth, then limit them further or terminate their accounts, or get more bandwidth yourself.

If you are simply determined to block mikrotik PPPoE, why don't you try blocking at the MAC-ADDRESS level?
 
engineertote
Member Candidate
Topic Author
Posts: 177
Joined: Tue May 19, 2009 1:36 pm

Re: Block Mikrotik PPPoe client

Mon Mar 26, 2012 11:34 pm



[quote="jandafields"]
If you are simply determined to block mikrotik PPPoE, why don't you try blocking at the MAC-ADDRESS level?
[/quote]

This is what I'm trying, with no success. The MikroTik MAC address range is from 00:0C:42:00:00:00 to 00:0C:42:FF:FF:FF.
I'm trying to use a bridge filter to block the whole MAC range, with no success. I would appreciate it if someone who has tested blocking a range of MAC addresses could post it here.
 
engineertote
Member Candidate
Topic Author
Posts: 177
Joined: Tue May 19, 2009 1:36 pm

Re: Block Mikrotik PPPoe client

Tue Mar 27, 2012 2:50 pm

I can block only one MAC address, but I'm looking to block a range of MAC addresses from 00:0c:42:00:00:00 to 00:0C:42:FF:FF:FF. Is this possible?
 
Feklar
Forum Guru
Posts: 1724
Joined: Tue Dec 01, 2009 11:46 pm

Re: Block Mikrotik PPPoe client

Tue Mar 27, 2012 4:45 pm

No, you cannot set a range of MAC addresses in the firewall rules.

If you are using RADIUS you can specify how many people sign in with a given username/password. By using that attribute you can configure it so only one person can sign in with a given username at a time. If someone else tries to use it they cannot log in. You can even do that on the security-profile level of the PPPoE server. Then if your clients want to pay you for multiple PPPoE accounts so they can do this, that is up to them.
 
engineertote
Member Candidate
Topic Author
Posts: 177
Joined: Tue May 19, 2009 1:36 pm

Re: Block Mikrotik PPPoe client

Tue Mar 27, 2012 6:35 pm

Can't this be done in a script? The idea is: if a PPPoE client is trying to connect with a MAC address from 00:0c:42:xx:xx:xx, then go to interface -- bridge -- filter and block the PPPoE discovery.

But the problem is that I'm not familiar with scripts :)
 
mistry7
Forum Guru
Posts: 1480
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: Block Mikrotik PPPoe client

Wed Mar 28, 2012 7:36 am

@engineertote

Once again, your problem is not the MikroTik PPPoE client; all you are describing
can be done with every router. The customer's usage profile doesn't depend on the
router!

Limit those users' bandwidth with your RADIUS, that's it!

If you find a way to block these routers, what do you think will happen?
The user gets a new router from another manufacturer, but your problem is still the same!

On a PPPoE with RADIUS it is quite easy to set profiles for every user type,
and these profiles cannot be overwritten by a user's router!

Mistry7
 
heviejob
Member Candidate
Posts: 171
Joined: Mon Nov 30, 2009 4:54 pm

Re: Block Mikrotik PPPoe client

Wed Mar 28, 2012 7:49 am

I suggest reading up more on MikroTik's rate limiting or bandwidth management. From what I understand you cannot control hierarch bandwidth users consume. As told, start with simple queues and move on from there.

Sent from my HTC Glacier
 
engineertote
Member Candidate
Topic Author
Posts: 177
Joined: Tue May 19, 2009 1:36 pm

Re: Block Mikrotik PPPoe client

Wed Mar 28, 2012 12:31 pm

I do understand that the clients can use other routers from other vendors, but in my country the router most used for this load balancing is MikroTik.

Regarding the bandwidth limit, even the current users using a PPPoE client with PCC can only get the limit I configured in my QoS, but my problem is that they are running a continuous load and this is congesting the network.

Regards

[quote="mistry7"]
@engineertote

Once again, your problem is not the MikroTik PPPoE client; all you are describing
can be done with every router. The customer's usage profile doesn't depend on the
router!

Limit those users' bandwidth with your RADIUS, that's it!

If you find a way to block these routers, what do you think will happen?
The user gets a new router from another manufacturer, but your problem is still the same!

On a PPPoE with RADIUS it is quite easy to set profiles for every user type,
and these profiles cannot be overwritten by a user's router!

Mistry7
[/quote]
 
mistry7
Forum Guru
Posts: 1480
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: Block Mikrotik PPPoe client

Thu Mar 29, 2012 12:59 pm

Hi,

If they do such load, it can be YouTube or tattoo or something else like streaming.
The usage of these services doesn't depend on the MikroTik.

With one PPPoE connection your users can't do PCC because they have only one connection...
How much bandwidth do you have? And what PPPoE profiles do you use?

e.g.:

I have 30MBit and home users have a 3000/512 profile

mistry7
 
Feklar
Forum Guru
Posts: 1724
Joined: Tue Dec 01, 2009 11:46 pm

Re: Block Mikrotik PPPoe client

Thu Mar 29, 2012 8:02 pm

As has been suggested, why do you limit how many people can connect with a given profile/account? Would that not solve most of your problem? If someone wants to load balance with 3 or 4 lines, then they pay for 3 or 4 accounts. What difference does that make to you if they are paying? Also, you do realize how trivial it is to change the MAC address on a MikroTik, don't you? If your customers can set up PCC and do what you are saying, changing the MAC of the RouterBoard is nothing.
 
engineertote
Member Candidate
Topic Author
Posts: 177
Joined: Tue May 19, 2009 1:36 pm

Re: Block Mikrotik PPPoe client

Thu Mar 29, 2012 8:08 pm

I do appreciate your follow-up, but I think you didn't get my point. First, they do not use PCC with only one PPPoE client.

On one router they connect a PPPoE client on each interface. For example, the RB450 has 4 ports; they use 3 interfaces as PPPoE clients, each interface with a different user, and they do PCC between these three interfaces. And to answer how I can know that they are using MikroTik PCC: it's from the MAC address of the PPPoE user.

Thanks

[quote="mistry7"]
Hi,

If they do such load, it can be YouTube or tattoo or something else like streaming.
The usage of these services doesn't depend on the MikroTik.

With one PPPoE connection your users can't do PCC because they have only one connection...
How much bandwidth do you have? And what PPPoE profiles do you use?

e.g.:

I have 30MBit and home users have a 3000/512 profile

mistry7
[/quote]
 
Feklar
Forum Guru
Posts: 1724
Joined: Tue Dec 01, 2009 11:46 pm

Re: Block Mikrotik PPPoe client

Thu Mar 29, 2012 8:35 pm

Then they are paying for 3 or 4 accounts and using the traffic that they are paying for. What difference does it make to you if it's 4 PPPoE accounts with 1 user using all of their bandwidth, or 4 PPPoE accounts with 4 different users using all their bandwidth? If people are paying for a service they expect to use it. If you need to control it, then you need to set up traffic control policies to control it. Such as giving them a monthly data cap that they are allowed to transfer through a given account, or charge them extra if they exceed a certain amount of traffic transferred. The necessary information and ability is built into RADIUS, you just need to build out the back end system to take advantage of it.

As for the MAC address of the PPPoE account, once again, it is trivial at best to change the MAC of a MikroTik router. So identifying routers based off of their MAC address is useless once they realize that's how you are blocking them. The only way for you to control something like that would be for you to own the router and sell it to them and not give them access into it.
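
A sketch of the kind of back end described in the post above, added here as an example and not code from the thread: it totals each account's transfer from RADIUS accounting records and lists the accounts over a data cap. The attribute names are the standard RADIUS accounting ones; the dict layout, account names, sample records and the 10 GB cap are constructed assumptions.

```python
from collections import defaultdict

# Acct-*-Octets is a 32-bit counter; Acct-*-Gigawords counts its wraps (RFC 2869).
GIGAWORD = 2 ** 32

def session_bytes(rec):
    """(bytes received from the subscriber, bytes sent to the subscriber)."""
    up = rec.get("Acct-Input-Gigawords", 0) * GIGAWORD + rec.get("Acct-Input-Octets", 0)
    down = rec.get("Acct-Output-Gigawords", 0) * GIGAWORD + rec.get("Acct-Output-Octets", 0)
    return up, down

def usage_by_user(records):
    """Total bytes per User-Name for the period covered by records."""
    # Interim-Update and Stop counters are cumulative for the session, so keep
    # the largest total seen per (user, session) instead of adding every record.
    per_session = {}
    for rec in records:
        if rec.get("Acct-Status-Type") not in ("Interim-Update", "Stop"):
            continue  # Start records carry no counters
        key = (rec["User-Name"], rec["Acct-Session-Id"])
        per_session[key] = max(per_session.get(key, 0), sum(session_bytes(rec)))
    totals = defaultdict(int)
    for (user, _session), total in per_session.items():
        totals[user] += total
    return dict(totals)

def over_cap(records, cap_bytes):
    """Accounts whose total exceeds cap_bytes, heaviest first."""
    heavy = [(u, b) for u, b in usage_by_user(records).items() if b > cap_bytes]
    return sorted(heavy, key=lambda item: item[1], reverse=True)

# Constructed sample records for one billing period (not real data).
SAMPLE = [
    {"User-Name": "home-101", "Acct-Session-Id": "a1", "Acct-Status-Type": "Start"},
    {"User-Name": "home-101", "Acct-Session-Id": "a1", "Acct-Status-Type": "Interim-Update",
     "Acct-Input-Octets": 1_000, "Acct-Output-Octets": 4_000_000_000},
    {"User-Name": "home-101", "Acct-Session-Id": "a1", "Acct-Status-Type": "Stop",
     "Acct-Input-Octets": 2_000, "Acct-Output-Octets": 705_032_704, "Acct-Output-Gigawords": 1},
    {"User-Name": "home-101", "Acct-Session-Id": "a2", "Acct-Status-Type": "Stop",
     "Acct-Input-Octets": 0, "Acct-Output-Octets": 0, "Acct-Output-Gigawords": 2},
    {"User-Name": "home-202", "Acct-Session-Id": "b1", "Acct-Status-Type": "Stop",
     "Acct-Input-Octets": 500, "Acct-Output-Octets": 1_000_000},
]

if __name__ == "__main__":
    for user, total in over_cap(SAMPLE, cap_bytes=10 * 10**9):
        print(f"{user}: {total / 10**9:.1f} GB this period")
```

The result is keyed on the account name rather than the MAC address, so it is unaffected by a subscriber changing the router's MAC.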
 
doush
Long time Member
Posts: 665
Joined: Thu Jun 04, 2009 3:11 pm

Re: Block Mikrotik PPPoe client

Thu Mar 29, 2012 8:47 pm

If they can do PCC, surely they can change the MAC address of the eth interfaces.
 
engineertote
Member Candidate
Topic Author
Posts: 177
Joined: Tue May 19, 2009 1:36 pm

Re: Block Mikrotik PPPoe client

Sun May 13, 2012 1:07 pm

[quote="Feklar"]If you need to control it, then you need to set up traffic control policies to control it. Such as giving them a monthly data cap that they are allowed to transfer through a given account, or charge them extra if they exceed a certain amount of traffic transferred. The necessary information and ability is built into RADIUS, you just need to build out the back end system to take advantage of it.[/quote]

Good idea, I'll try it.


Last bumped by engineertote on Sun May 13, 2012 1:07 pm.
