I’m trying to figure out how to have my second hotspot use a different user profile then the first. We use Active Directory with our offsite RADIUS for authentication. I’m able to setup bandwidth limiting at an IP level by using the User Profile, but I need to set different limits for the second Hotspot that I have running. I don’t see a place where I can select the user profile for the second hotspot.
RouterOS V6.35.3 on RB3011UiAS
Thanks in advance for any and all help.
I’m still struggling with this. Anyone have any ideas?
I’ve tried to setup PCQ Queues, but can’t get them working properly…
Hi, look this…
http://forum.mikrotik.com/t/hotspot-radius-groups/58993/1
Or this…
http://forum.mikrotik.com/t/radius-attribute-example/54544/1
Thanks for the reply juliokato, but I’d like to have RouterOS do this, not my RADIUS server. We have the option to set different user profiles, but no option to select what hotspot server uses what user profile. Seems like this should be an option, no? Why even give the option of different user profiles, if you can’t use any of them for the different hotspots you may be running. Currently I have a few RB3011’s deployed, and most of them run 2 hotspots, some more.
I’m only able to set the User Profiles for users that are created locally on the router’s hotspot configuration window.
Is there a way to have the router set different rate limits based on the subnet users are authenticated on?
172.20.32.0/22 - Rate Limit of 30M/30M
172.20.42.0/22 - Rate Limit of 50M/50M
Hello there again, I’m still struggling with this issue.
I’m now running RouterOS v6.39.2, and still the hotspot servers are unable to use different user profiles with specific bandwidth limits. The Wiki document (link below) about this exact feature says the hotspot server should be using what ever specs I have configured in the user profile.
This does not work. Any hotspot servers use only the original user profile setup.
Please Help.
https://wiki.mikrotik.com/wiki/Hotspot,_apply_different_limits_and_different_traffic_priorities
why can you not create 2nd user profile under the same hotspot server?
set [ find default=yes ] idle-timeout=6m mac-cookie-timeout=6h name=Guest rate-limit="1M/2M 1500K/4M 1M/2M 80/80 8" \
session-timeout=30m shared-users=2 status-autorefresh=2m
add idle-timeout=8h name=admin shared-users=5 status-autorefresh=5m transparent-proxy=yes
add idle-timeout=6h mac-cookie-timeout=1d name=staff queue-type=pcq-download-default rate-limit=\
"512K/1500k 768K/2M 512K/1500k 60/60 8" shared-users=4 status-autorefresh=5m transparent-proxy=yes
add idle-timeout=5m mac-cookie-timeout=30m name=Bistro rate-limit="1M/2M 1500K/4M 1M/2M 80/80 8" session-timeout=30m \
shared-users=50 status-autorefresh=2m
then you create local user under that profile, Mikrotik will check local username first, before checking Radius. so if it finds a matching user on the router, it will not check the Radius database.
if, for any reason you have to use two hotspot server on two interfaces, fine. you can stil create more than one user profile. again, Mikrotik will check local users first.
Thanks for the reply solar77, I’m able to create other user profiles, and I’m able to even select the different profiles in the servers tab. RouterOS doesn’t seem to want to read the new user profile for the second hotspot, It seems to revert back to the original “default” profile with the wrong rate limits. I’m seeing this with v6.37.4 and v6.39.2. Both are RB3011’s.
We don’t have any active users listed in the hotspot “Users” tab. All of our users are in our offsite radius server.
I’m just very confused as to why RouterOS is ignoring the second User Profile, and defaulting to the other User Profile.
Just to be clear:
Hotspot A - User Profile A - 5M/20M
Hotspot B - User Profile B - 10M/50M
When a user connects to Hotspot B, they are getting the rate limiting for Hotspot A. Even though I have user profile B, selected as the profile for Hotspot B.
I think the main issue is, that we are using a RADIUS server for our user database. It looks like RouterOS will only select a “User Profile”, if the user is listed in the “Users” (RouterOS>IP>Hotspot>Users).
I guess my question is, how can I set per IP limits for each ip range.
example
172.20.32.0/24 - 5M/20M - Hotspot A
172.20.42.0/24 - 10M/30M - Hotspot B
I already have VLAN’s setup, and am able to have users connect sucusfully to both hotspots. But I need to have different rate limits set for each hotspot user.
Hotspot A users each get 5M/20M and each hotspot B user gets 10M/30M
How do I achieve this while using an offsite RADIUS server?
If I setup a simple queue with Max Limit/Burst Limit/Burst Threshold/Limit At = 10M/50M queue type= pcq-upload/pcq-download, will that by default grab all of the traffic in that ip range and limit it to 5M/50M in total, or will this allow each active IP in that pool the 5M/50M rates? Is this a Dynamic queue? If so, can I set a min amount of bandwidth as well as a Max?
OK if you are using an external RADIUS server, Mikrotik will check local database first (your hotspot user list), if nothing machines the username, it will contact the RADIUS.
You really need to set up those limits on the Radius server,
Thanks again for the reply solar. I was really hoping there was a way to have RouterOS do this locally at the router level, and not have to do this with the RADIUS. But if that’s literally the only way to do this, then I’ll just have to do it.
Seems to me there should be a way to have RADIUS authenticated users, have the rules of a specific user profile applied to them. All the limiting is happening with in the router, on it’s level, not with the RADIUS. By default all authenticated RADIUS users use the first created user profile.
I just wish there was a way to select a different user profile, for the hotspot server they are connected to (regardless of RADIUS). As in Hotspot A uses User Profile A and Hotspot B uses User Profile B and so on. (RouterOS is this something that you might be able to do in the future?! Seems simple enough.)
I’ll have to get with my software developers that manage my RADIUS server, and see if I can be given access to the RADIUS to make these changes. This is the primary reason why I was trying to not make these changes in the RADIUS server. I really feel this should be able to be done locally on the router.
http://forum.mikrotik.com/t/hotspot-aaa-active-directory-different-user-profiles/44220/1
I believe this is related to your issue with radius. You should be able to use simple queue or queue tree to apply queues to your IP ranges.