I am running a DHCP server on the RB1000 that uses an external radius server. I use the Mikrotik-Rate-Limit attribute to assign bandwidth limits to users. I would like to dynamically assign firewall rules to apply TCP connection limits as well. Is this possible using the Filter-Id attribute, or possibly some custom script/attribute?
Thanks.
http://www.mikrotik.com/testdocs/ros/2.9/guide/aaa_radius.php
Use the Filter-Id attribute.
Thanks for the quick response fewi. I have tried the Filter-Id attribute without success. I have not been able to find a single example of it working. I enter it into my radius server and never see any firewall rules created when a user draws DHCP (no errors in the log either). I am beginning to wonder if it only works with ppp or hotspot.
Yes, it only works with Hotspot/PPP (as the docs explicitly state). Guess I should have read the thread title more carefully.
I guess you could hack something together with scripts that watch local logs, but I think it would be considerably easier (and stable) to just implement static rules for IP ranges and then assign the client an IP in a range that matches the policy you want to assign.
Maybe try requesting that the new address-list feature for DHCP/Hotspot introduced with v4 get extended into a RADIUS attribute.
That would actually be rather neat for other use cases, too.