Is there a way to have a rule to throttle all clients on a wireless interface to a default 256k/512k ?
I would like to see the radius “rate” attributes used for MAC authentication to control the bandwidth throttle.
I would also like to see a “re-auth” period so that MAC authenticated clients could be easily denied service.
Is there a way to have a rule to throttle all clients on a wireless interface to a default 256k/512k ?
Take a look at PCQ in the manual. http://www.mikrotik.com/docs/ros/2.8/root/queue.main
I would like to see the radius “rate” attributes used for MAC authentication to control the bandwidth throttle.
Good idea, IMO.
I would also like to see a “re-auth” period so that MAC authenticated clients could be easily denied service.
Since I use PPPoE, I am not sure, but doesn’t the MT obey the “Session-Timeout” attribute for MAC auth?
Thanks. It will take awhile to understand how to use PCQ for the wireless clients.
Thanks. It will take awhile to understand how to use PCQ for the wireless clients.
Actually, PCQ is quite easy to do. I am assuming here that:
All you have to do is first mangle the packets you want to limit (use the IP address to set this):
/ip firewall mangle
add src-address=64.64.64.0/24 mark-flow=all-customer action=passthrough
add dst-address=64.64.64.0/24 mark-flow=all-customer action=passthrough
Next, create the PCQ type queues:
/queue type add name=up kind=pcq pcq-classifier=src-address pcq-rate=256000
/queue type add name=down kind=pcq pcq-classifier=dst-address pcq-rate=512000
(watch for wordwrap on the above 2 rules)
Finally, add them to the queue:
/queue tree add parent=inet flow=all-customer queue=up
/queue tree add parent=customer flow=all-customer queue=down
In the above 2 rules, “inet” is the interface that will be the OUTBOUND interface for all customer traffic (i.e. it is connected to your upstream) and “customer” is the wireless card that your customers connect to.
That is about it.
Great…this was just what I needed…
But…how do you make lets say 2 types of users, selecting them based on their IP adress…
I tried to make a new mangle something like this
0 X src-address=192.168.4.3/32 in-interface=ether1 action=passthrough mark-flow=korisnici2
1 X src-address=192.168.4.3/32 in-interface=unska action=passthrough mark-flow=korisnici2
2 X src-address=192.168.0.0/16 in-interface=unska action=passthrough mark-flow=korisnici
3 X src-address=192.168.0.0/16 in-interface=ether1 action=passthrough mark-flow=korisnici
and in queue type I made new 2 new types, based on what kind of limit I want to use for them, and in queue tree I made somthing like this
0 X name=“kor1-1” parent=ether1 flow=korisnici limit-at=0 queue=up priority=8 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0
1 X name=“kor1-2” parent=unska flow=korisnici limit-at=0 queue=down priority=8 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0
2 X name=“kor2-1” parent=ether1 flow=korisnici2 limit-at=0 queue=upunlim priority=6 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0
3 X name=“kor2-2” parent=unska flow=korisnici2 limit-at=0 queue=downunlim priority=6 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0
(currently all queue are disabled)
But, despite what I do, user on 4.3 have the same speed as in “korisnik” and not bigger, as said in korisnik2…
If you have any idea, I would be greatfull…
thx..
Thanks Butch! Does it matter that I have all the interfaces in the same bridge?
Thanks Butch! Does it matter that I have all the interfaces in the same bridge?
In my experience, PCQ does not play nice with bridged interfaces. I have only tried it once, but could never get it to work with bridged. For this, you will most likely want to do simple queues per IP.
I tried to make a new mangle something like this
0 X src-address=192.168.4.3/32 in-interface=ether1 action=passthrough mark-flow=korisnici2
1 X src-address=192.168.4.3/32 in-interface=unska action=passthrough mark-flow=korisnici2
2 X src-address=192.168.0.0/16 in-interface=unska action=passthrough mark-flow=korisnici
3 X src-address=192.168.0.0/16 in-interface=ether1 action=passthrough mark-flow=korisnici
Not sure if this is a copy/paste of your config, but there are a couple of questions/comments.
First, you seem to be marking the same src-address on multiple interfaces. This will not work (and is, in fact, impossible). You cannot have the same network address running on multiple interfaces.
Also, you are using private IPs in your post. If you are NATting, there is more you have to do in order to capture the traffic (in particular, it is the download speed you have to do something different with). Take a look at the HOW TO for P2P for an example of how to do this if you are NATting your customers.
Is there a way to have certain ip’s not effected by the pcq? For example business customers have different upload/download rates. I would gather you would just mangle that specific traffic and put the queue in before the pcq rule? Is this right?
Dan
Is there a way to have certain ip’s not effected by the pcq? For example business customers have different upload/download rates. I would gather you would just mangle that specific traffic and put the queue in before the pcq rule? Is this right?
There are different ways to handle this, depending upon what you know about your customer. For example, if your business customers (or any other “exceptions” to the general rule) have a different pool of addresses, they will not be mangled with the rules for “regular” customers. IMHO, this is easiest to accomplish in the mangle rules rather than ordering the queues.
With mangle rules, you can use action “accept” to stop processing further mangle rules or “passthrough” to continue processing. Mainly, it depends on what information you have available to identify a customer (or group of customers).
Yes…this is exactly what I wanted…exeption from the rule..
Here is another forum topic that has more on PCQ.
http://bruno.pmi.lv/phpbb2/viewtopic.php?t=159&highlight=
John