Authorisation & Accounting

Hello to all,

First, I would like to apologize if I’m asking something which was already discussed, but, believe me, I spent a couple of hours reading this forum and I still didn’t find a suitable solution for me. That’s why I’m writing this post.
Here is my situation. I have MT Router OS with two interfaces. Wireless interface is public and Ethernet is local. Wireless is connected to ISP. Ethernet is connected to another AP (AP1). AP1 is connected with one more AP (AP2) through wireless interface using WDS. Clients are connecting to AP1 or AP2. Clients are connected 24/7 in local wireless community network and there should be no restrictions. Mikrotik router is gateway for that community network.
What I need is:

  1. Authorization for clients by MAC and IP address (pair) when they try to access to Internet.
  2. Internet traffic accounting for each client.
  3. Mechanism to deny access to Internet for a client who exceeds its quota (4GB for example).

Which is the simplest way to do it?
I’m a beginner with Mikrotik and this stuff so examples are welcome.

Any help is appreciated.


hoop-banger

You’ll have to look at Radius for this… And yes, Radius can accommodate all your requirements with a bit of configuration…

Huh, not much help.
Thanks, but I knew that in the first place. I didn’t post this without searching and reading this forum first.
However, I have installed freeradius and mysql and tried to follow examples found here and at mikrotik wiki but without much success. I’ll try to do it again now.
In the meantime, I’ll be grateful to you guys to write me basic instruction on how to do it correctly. Write me what I need to complete task no. 1, 2 and 3 from my list. Just point me in the right direction, I’m not asking for a walkthrough (but it can’t hurt :)). Give me links if you wrote something similar before.
Thanks in advance.

RADIUS: http://wiki.mikrotik.com/wiki/How_to_setup_up_RADIUS_for_use_with_MikroTik_-_By_Ramona

MAC auth and quota: http://www.mikrotik.com/docs/ros/2.9/guide/aaa_hotspot

  1. Calling-Station-Id Check Item, Framed-Pool Check Item (using Radius IP Pools)
  2. Perl script / MRTG / RRD querying against your Accounting Database. This is far beyond the scope of Radius OR Mikrotik - Radius merely logs what MT sends it - but you knew that.
  3. Custom authentication handlers, during authorisation query the data totals in accounting, if more than x, deny authentication, else, allow authentication (rlm_exec, rlm_perl are good options here)
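
A sketch of the decision logic that the last reply describes, added here as an illustration and not code from any poster in this thread: check the MAC/IP pair, then sum that client's accounting totals and deny once the quota is reached. It assumes an accounting table with the FreeRADIUS default `radacct` column names; the `clients` table, the function names and the sample rows are hypothetical, and an in-memory SQLite database stands in for MySQL.

```python
import re
import sqlite3

QUOTA_BYTES = 4 * 1024**3  # the thread's example quota (4GB)

def norm_mac(mac):
    """Normalise a Calling-Station-Id so 00-0c-42-aa-bb-01 matches 00:0C:42:AA:BB:01."""
    hexd = re.sub(r"[:.\-]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", hexd):
        return None
    return ":".join(hexd[i:i + 2] for i in range(0, 12, 2))

def authorize(db, mac, ip, quota=QUOTA_BYTES):
    """Return (allowed, reason) for one access request."""
    mac = norm_mac(mac)
    if mac is None:
        return False, "malformed MAC"
    # Requirement 1: the MAC and IP must match as a registered pair.
    row = db.execute("SELECT ip FROM clients WHERE mac = ?", (mac,)).fetchone()
    if row is None or row[0] != ip:
        return False, "unknown MAC/IP pair"
    # Requirements 2 and 3: total traffic over all recorded sessions.
    # Assumption: the octet columns hold full 64-bit totals and
    # callingstationid is stored in the normalised form used above.
    (used,) = db.execute(
        "SELECT COALESCE(SUM(acctinputoctets + acctoutputoctets), 0) "
        "FROM radacct WHERE callingstationid = ?", (mac,)).fetchone()
    if used >= quota:
        return False, "quota exceeded"
    return True, "ok"

def demo_db():
    """Constructed sample data: two clients, one of them over quota."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE clients (mac TEXT PRIMARY KEY, ip TEXT);
        CREATE TABLE radacct (callingstationid TEXT,
                              acctinputoctets INTEGER, acctoutputoctets INTEGER);
        INSERT INTO clients VALUES ('00:0C:42:AA:BB:01', '10.0.0.11'),
                                   ('00:0C:42:AA:BB:02', '10.0.0.12');
        INSERT INTO radacct VALUES ('00:0C:42:AA:BB:01', 1073741824, 536870912),
                                   ('00:0C:42:AA:BB:02', 3221225472, 1610612736);
    """)
    return db

if __name__ == "__main__":
    db = demo_db()
    for mac, ip in [("00-0c-42-aa-bb-01", "10.0.0.11"),
                    ("00:0C:42:AA:BB:02", "10.0.0.12")]:
        print(mac, ip, authorize(db, mac, ip))
```

The same function body could sit behind an rlm_exec or rlm_perl handler as the reply suggests; how the request attributes reach it depends on that module's configuration.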