Block multiple pppoe IP-Adresses

buliwyf · July 29, 2009, 9:39am

Hello,

our customers are allowed to login multiple times with the same account (PPPoE, Radius)
but i want a single account to just be able to contact 2 servers in the Internet (ACS,DNS).
But this special service account is for configuring our customers routers.
The router uses it to geht his inital config via acs, so the router has to contact the acs server.
I already tried to solve the Problem with loops e.g. foreach but did not come to a solution.

I created an address-list and 6 firewall rules which work.
the address-list gets updated every 30 seconds with the following script:

/ip firewall address-list remove [find list=serviceaccount]
/ip firewall address-list add list=serviceaccount  address=[/ppp active get [find name=pppoeserviceaccount] address ]

This works as long as the account is just logged in once.

Has anybody an idea how script this?

mrz · July 29, 2009, 9:41am

In ppp profile set only-one=yes

If you are using RADIUS server then you have to run script on RADIUS server which will not allow multiple logins.

buliwyf · July 29, 2009, 10:07am

Yepp i know that, but i need multiple Logins.

But i figured it out by myself.
http://forum.mikrotik.com/t/bug-can-someone-confirm-if-this-line-of-code-works/30150/1
Was the info i needed.

The script now looks like:

/ip firewall address-list remove [find list=serviceaccount]
:foreach i in=[/ppp active  find] do={
	:if ([/ppp active  get $i name]="pppoeserviceaccount")  do={ 
		/ip firewall address-list add list=serviceaccount  address=[/ppp active get $i address]
	}
}

shrek777 · July 8, 2010, 6:54am

how i can run this script on radius server? and will it help? to prveent simultanious logins