By following the http://www.mikrotik.com/testdocs/ros/2.9/guide/aaa_hotspot.php I tried to set up an hotspot, but one issue I ran into was whatever numbers I put into the rate-limit, there is no data rate limiting for the users with this profile.
Can anyone running 2.9.40 confirm that the user profile rate-limit is indeed working or not?
# jan/01/2000 02:32:15 by RouterOS 2.9.40
# software id = F2UG-3TT
#
/ ip hotspot
add name="hotspot1" interface=wlan2 profile=hsprof1 idle-timeout=5m \
keepalive-timeout=none disabled=no
/ ip hotspot service-port
set ftp ports=21 disabled=no
/ ip hotspot ip-binding
add address=192.168.10.123 server=hotspot1 comment="" disabled=no
/ ip hotspot profile
set default name="default" hotspot-address=0.0.0.0 dns-name="" \
html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0 \
smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d \
split-user-domain=no use-radius=no
add name="hsprof1" hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot \
rate-limit="" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 \
login-by=cookie,http-chap http-cookie-lifetime=3m split-user-domain=no \
use-radius=no
/ ip hotspot user
add server=hotspot1 name="guest" password="guest" profile=uprof1 comment="" \
disabled=no
/ ip hotspot user profile
set default name="default" idle-timeout=none keepalive-timeout=2m \
status-autorefresh=1m shared-users=1 transparent-proxy=yes \
open-status-page=always advertise=yes \
advertise-url=http://www.mikrotik.com/,http://www.routerboard.com/ \
advertise-interval=10m advertise-timeout=3m
add name="uprof1" idle-timeout=none keepalive-timeout=2m status-autorefresh=1m \
shared-users=10 rate-limit="100k/10k" transparent-proxy=yes \
open-status-page=always advertise=yes \
advertise-url=http://www.mikrotik.com/ advertise-interval=3m \
advertise-timeout=3m
I’ve got some change: user profile rate limit does nothing, but server profile rate limit does work.
Is it correct?
# jan/01/2000 02:40:06 by RouterOS 2.9.40
# software id = F2UG-3TT
#
/ ip hotspot
add name="hotspot1" interface=wlan2 profile=hsprof1 idle-timeout=5m \
keepalive-timeout=none disabled=no
/ ip hotspot service-port
set ftp ports=21 disabled=no
/ ip hotspot ip-binding
add address=192.168.10.123 server=hotspot1 comment="" disabled=no
/ ip hotspot profile
set default name="default" hotspot-address=0.0.0.0 dns-name="" \
html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0 \
smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d \
split-user-domain=no use-radius=no
add name="hsprof1" hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot \
rate-limit="100k/100k" http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 \
login-by=cookie,http-chap http-cookie-lifetime=3m split-user-domain=no \
use-radius=no
/ ip hotspot user
add server=hotspot1 name="guest" password="guest" profile=uprof1 comment="" \
disabled=no
/ ip hotspot user profile
set default name="default" idle-timeout=none keepalive-timeout=2m \
status-autorefresh=1m shared-users=1 transparent-proxy=yes \
open-status-page=always advertise=yes \
advertise-url=http://www.mikrotik.com/,http://www.routerboard.com/ \
advertise-interval=10m advertise-timeout=3m
add name="uprof1" idle-timeout=none keepalive-timeout=2m status-autorefresh=1m \
shared-users=10 transparent-proxy=yes open-status-page=always \
advertise=yes advertise-url=http://www.mikrotik.com/ advertise-interval=3m \
advertise-timeout=3m
I found out something important - limits in user profile apply only at the time of the user login. First login will create dynamic queue and it will stay there until the user will expire. Any user profile limit change during that time will not affect this dynamic queue.
bjohns
March 18, 2007, 1:36am
4
Correct.
If using RADIUS you could send a CoA packet and change it on the fly, I think - I’ll be trying it shortly anyway.