I hope MT will implement support for multiple (more than one) dynamic address lists for RADIUS (MIKROTIK_ADDRESS_LIST, 14988,19) in one session, for more flexible client management.
ROS 4.11 - limit 1.
ROS 5.rc1 - limit 1.
You can achieve this pretty easily with a mangle rule:
Address from RADIUS → address list: RadiusList
Then in mangle, you could say:
/ip firewall mangle add chain=prerouting src-address-list=RadiusList action=add-src-to-address-list address-list=List2 address-list-timeout=15m
Just a workaround for now if it helps.
+1 very useful feature
Unfortunately it does not help. It just copies all of the address-list to another.
No, the workaround would put the IP address of someone passing traffic through the router onto another address list. That would allow you - given that you have the address lists passed on by RADIUS set up right - to put people on arbitrary, multiple address lists. It’ll take a little more to organize the mix and match but it’s definitely possible.
Of course a native implementation would still be very nice to have.
How to implement a way for
person1 belongs to address-list1 and address-list2 and address-list3
person2 belongs to address-list1 and address-list4 and address-list5
Does your workaround help?
It isn’t my workaround, Doug came up with it.
Person 1 gets a RADIUS supplied address list of 1and2and3 and person 2 gets a RADIUS supplied address list of 1and4and5. There are 3 mangle rules that copy everyone on 1and2and3 on list 1, list 2 and list 3, and another 3 mangle rules for the other person.
It becomes convoluted after a while, but how many combinations do you have? It will at least carry you over until MT hopefully implements the feature request.
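The combination scheme described above, as an added example that is not part of the original thread: a small Python generator that turns a per-user list of memberships into the single combined list name RADIUS should send and the mangle rules that fan it out. The `_and_` separator, `chain=prerouting`, the sample list names and the name validation are assumptions of this sketch; the 15m timeout is taken from the rule posted earlier.

```python
import re

# Assumptions (not from the thread): the "_and_" separator, chain=prerouting,
# and the allowed character set for list names. The 15m timeout is Doug's.
SEP, CHAIN, TIMEOUT = "_and_", "prerouting", "15m"
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+")


def plan(users):
    """Map {user: [address lists]} to (RADIUS list per user, mangle rules)."""
    radius, combos = {}, {}
    for user, lists in users.items():
        members = tuple(sorted(set(lists)))
        if not members:
            raise ValueError(f"{user}: no address lists given")
        for name in members:
            # Names end up inside generated commands, so refuse anything that
            # could break out of the argument or collide with the separator.
            if not SAFE_NAME.fullmatch(name) or SEP in name:
                raise ValueError(f"{user}: unsafe list name {name!r}")
        combo = SEP.join(members)
        radius[user] = combo
        combos[combo] = members
    rules = [
        f"/ip firewall mangle add chain={CHAIN} src-address-list={combo} "
        f"action=add-src-to-address-list address-list={member} "
        f"address-list-timeout={TIMEOUT}"
        for combo, members in sorted(combos.items())
        if len(members) > 1  # single list: RADIUS assigns it directly
        for member in members
    ]
    return radius, rules


if __name__ == "__main__":
    # Constructed sample matching the person1/person2 question above.
    radius, rules = plan({
        "person1": ["list1", "list2", "list3"],
        "person2": ["list1", "list4", "list5"],
    })
    for user, combo in radius.items():
        print(f"{user}: Mikrotik-Address-List = {combo}")
    print("\n".join(rules))
```

Entries created by these rules are refreshed only while the client passes traffic and expire on the timeout, so membership in the derived lists can outlast the RADIUS session by up to 15 minutes.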
I was asking about that feature at its presentation at my first MUM’2009 in Europe.
Janis M. said, if you need it - write to support@
I haven’t written, have you?.. =)
I have now! - [Ticket#2010100466000073]
The more I think about the feature the more I like it. I could use the hell out of that.
Definitely a handy feature to have.
To fewi:
What is the status of this Ticket#201010046600007 (after 4 months)?
Search for it comes up empty in my inbox, but I don’t think it’s implemented in any version.
Was there ever any resolution to this feature request?.. +1
How about a workaround involving one address list from radius and then a script to take that src and add it to the appropriate address list(s)?
For instance you could have customer A with address list from radius “list-fire-walled-gold”. A second customer B might be on address list “list-gold”.
Then you could have a script get fired off just after the radius auth that would analyze the address list that was sent through radius and add the src address to the appropriate address list(s).
So in this case customer A would be added to both a fire walled address list and a gold service level list. Customer B would only be added to gold service level list.
http://www.mikrotik.com/download/CHANGELOG_6
What’s new in 6.0rc10 (2013-Feb-15 10:47):
*) hotspot, ppp - support multiple address-lists;
Sorry, but in FIREWALL the whole ip address and port concept is way too FLAT. There is NO hierarchy for the ip addresses in firewall. Nor for the ports/services.
We need this CRITICAL feature of grouping the objects in like folders to be able to declare what we need OUR WAY, and then operate these groups in 1 click/line.
There is an apparent lack of abstraction/object hierarchy when comparing to other firewalls of the 21st century.
what hierarchy do you mean?..