Global Rate Limiting for Hotspot Clients

Hi,
A customer of mine has a 5Mbps ADSL line.
They also provide free WiFi to their own customers,
and when those customers arrive, they start hammering the connection (really badly: ping RTTs go up to 30 seconds!) and pull in the maximum that the line can provide.

I have put a Mikrotik hotspot in now, and have set it up so that the Trial Users are limited to 30 minutes uptime, or 50MB. Once exceeded, they need to get a voucher from the Waiter to connect again. There are similar limits attached to the voucher ID’s.
I have also set a limit on the profiles, so that each individual user cannot exceed a certain bandwidth,
but if I have 3 or 4 customers on at the same time, they can still congest the line.

I tried setting rate limits in the Hotspot Server Profile, but that only controls traffic to the hotspot server itself (its web pages).

I somehow need to say that any traffic from the Internet to the hotspot IP range (or interface, or something similar) gets limited to, say, 2Mbps download and 128Kbps upload.
How would I go about defining that?

Attached is my code. Thanks

# jun/22/2017 14:10:59 by RouterOS 6.39.2
# software id = W17Q-5CBC

# Layer-2 layout: two bridges, one for the admin LAN and one for guest Wi-Fi.
# NOTE(review): commands in this export are split across lines and quoted with
# typographic quotes; it looks like the continuation backslashes and straight
# quotes were lost when the export was pasted - restore both before importing.
/interface bridge
add admin-mac=64:D1:54:42:2C:C4 auto-mac=no fast-forward=no name=
adminnetworkbridge
add fast-forward=no name=publicwifibridge
# ether3 is slaved to ether2-master; ether4 is only labelled here and is added
# to the guest bridge under /interface bridge port.
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] comment=“HotSpotted Eth4”
# Neighbor discovery is switched off on ether1.
/ip neighbor discovery
set ether1 discover=no
# vlan2 (VLAN ID 2) rides on the admin bridge; it is later added as a port of
# publicwifibridge, which ties the guest bridge to that VLAN.
/interface vlan
add interface=adminnetworkbridge name=vlan2 vlan-id=2
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# WPA/WPA2-PSK profile used by the admin SSID.
# NOTE(review): both pre-shared keys are exported in clear text, so sharing
# this file discloses the admin Wi-Fi passphrase - rotate it, and export with
# hide-sensitive before posting. wpa-psk is still accepted next to wpa2-psk;
# keep it only if a legacy client needs it.
add authentication-types=wpa-psk,wpa2-psk eap-methods=“”
management-protection=allowed mode=dynamic-keys name=“companys admin”
supplicant-identity=“” wpa-pre-shared-key=companys12345
wpa2-pre-shared-key=companys12345
/interface wireless
# wlan1 becomes the admin access point (adminwifi) using the PSK profile.
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce
disabled=no distance=indoors frequency=auto mode=ap-bridge name=adminwifi
security-profile=“companys admin” ssid=Companys wireless-protocol=802.11
# publicwifi is a virtual AP on top of adminwifi for guests.
# default-forwarding=no keeps the AP from forwarding frames between its
# wireless clients. No security-profile is set here, so presumably it uses the
# default profile (open unless changed elsewhere) - confirm.
add default-forwarding=no disabled=no keepalive-frames=disabled mac-address=
66:D1:54:42:2C:C7 master-interface=adminwifi multicast-buffering=disabled
name=publicwifi ssid=“Companys Customer Wifi” wds-cost-range=0
wds-default-cost=0 wps-mode=disabled
# Hotspot server profiles: the default one and hsprof1, which the guest hotspot
# uses. hsprof1 allows HTTP CHAP and trial logins at 192.168.100.1.
# NOTE(review): trial-uptime-limit is 0s here; the 30m / 50MB caps described in
# the post are set on the default entry under /ip hotspot user - confirm that
# those are the limits trial users actually receive.
/ip hotspot profile
set [ find default=yes ] login-by=cookie,http-chap,trial
add dns-name=companys.on.faya hotspot-address=192.168.100.1 login-by=
http-chap,trial name=hsprof1 trial-uptime-limit=0s
# Per-user profiles. rate-limit applies to each user separately, so several
# users together can still fill the line; it is not an aggregate cap.
# NOTE(review): rate-limit is written rx/tx from the router's side (rx is the
# client's upload) - confirm 96k/16k is the intended direction.
# The "unrestricted" profile carries no rate-limit at all.
/ip hotspot user profile
set [ find default=yes ] name=default-trial rate-limit=96k/16k shared-users=
100
add name=unrestricted transparent-proxy=yes
# Address pools: default-dhcp (192.168.88.x) and hs-pool-7 for hotspot clients.
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=hs-pool-7 ranges=192.168.100.2-192.168.100.254
# DHCP for guests on the public bridge, with one-hour leases from hs-pool-7.
/ip dhcp-server
add address-pool=hs-pool-7 authoritative=after-2sec-delay disabled=no
interface=publicwifibridge lease-time=1h name=dhcp1
# The hotspot itself runs on publicwifibridge with profile hsprof1.
/ip hotspot
add address-pool=hs-pool-7 disabled=no interface=publicwifibridge name=
“Companys Customer Wifi” profile=hsprof1
# Attempted aggregate limit: a 1M parent queue on "global" with two children
# selected by the packet marks hsupload and hsdownload.
# NOTE(review): all three entries are disabled=yes, so nothing is shaped as
# exported. Even when enabled, the children depend on packets carrying those
# marks, and the /ip firewall mangle rules in this export only match the marks
# (action=accept) without setting them - so the children would see no traffic.
# NOTE(review): the forward chain also fasttracks established/related
# connections; fasttracked traffic is expected to bypass queues, so shaping
# would need those flows excluded from fasttrack - verify on this version.
/queue tree
add disabled=yes max-limit=1M name=hstotaltraffic parent=global queue=default
add disabled=yes name=hsupload packet-mark=hsupload parent=hstotaltraffic
queue=default
add disabled=yes name=hsdownload packet-mark=hsdownload parent=hstotaltraffic
queue=default
# Bridge membership. Admin bridge: ether2-master, adminwifi and ether1.
# Guest bridge: ether4, publicwifi and vlan2.
# NOTE(review): ether1 is a port of the admin bridge while the DHCP client
# below runs on ether1 and the firewall calls adminnetworkbridge "WAN"; the
# uplink and the admin LAN therefore appear to share one layer-2 segment -
# confirm this is intended.
# NOTE(review): vlan2 sits on the admin bridge and is bridged into the guest
# network, so guest frames are carried over the admin bridge as VLAN 2 -
# confirm that nothing on the admin side bridges VLAN 2 back to untagged.
/interface bridge port
add bridge=adminnetworkbridge interface=ether2-master
add bridge=adminnetworkbridge interface=adminwifi
add bridge=publicwifibridge interface=ether4
add bridge=publicwifibridge interface=publicwifi
add bridge=adminnetworkbridge interface=ether1
add bridge=publicwifibridge interface=vlan2
# NOTE(review): the PPTP server is enabled, but no PPP secrets or profiles
# appear in this export. PPTP's MS-CHAPv2/MPPE protection is considered weak;
# disable the server if nobody uses it.
/interface pptp-server server
set enabled=yes
# Router addresses: the 192.168.88.1 defconf address is disabled; the hotspot
# gateway 192.168.100.1/24 lives on the guest bridge.
/ip address
add address=192.168.88.1/24 comment=defconf disabled=yes interface=
adminnetworkbridge network=192.168.88.0
add address=192.168.100.1/24 comment=“hotspot network” interface=
publicwifibridge network=192.168.100.0
# The router obtains its uplink address by DHCP on ether1.
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=
ether1
# Guests are handed the router itself as gateway and DNS server.
/ip dhcp-server network
add address=192.168.100.0/24 comment=“hotspot network” dns-server=
192.168.100.1 gateway=192.168.100.1
# The router answers DNS queries from clients (allow-remote-requests=yes).
# NOTE(review): servers=192.168.100.1 is the router's own hotspot address, so
# the static upstream resolver points at itself; resolution presumably relies
# on servers learned from the DHCP client - confirm and set a real upstream.
/ip dns
set allow-remote-requests=yes servers=192.168.100.1
# Firewall filter rules, in evaluation order.
/ip firewall filter
# hs-input: allow DNS (tcp/udp 53), HTTP (tcp 80) and ICMP addressed to the
# hotspot subnet.
add action=accept chain=hs-input dst-address=192.168.100.0/24 dst-port=53
protocol=tcp
add action=accept chain=hs-input dst-address=192.168.100.0/24 dst-port=53
protocol=udp
add action=accept chain=hs-input dst-address=192.168.100.0/24 dst-port=80
protocol=tcp
add action=accept chain=hs-input dst-address=192.168.100.0/24 protocol=icmp
add action=passthrough chain=unused-hs-chain comment=
“place hotspot rules here” disabled=yes
# input: accept ICMP and established/related, then drop everything else that
# arrives on adminnetworkbridge.
# NOTE(review): no rule here drops input arriving on publicwifibridge, so
# guests can presumably reach whatever router services are enabled
# (/ip service is not shown) - confirm and restrict management to the admin
# side.
add action=accept chain=input comment=“defconf: accept ICMP” protocol=icmp
add action=accept chain=input comment=“defconf: accept established,related”
connection-state=established,related
add action=drop chain=input comment=“defconf: drop all from WAN”
in-interface=adminnetworkbridge
# forward: established/related connections are fasttracked and accepted,
# invalid ones dropped, and new non-DSTNATed connections entering from
# adminnetworkbridge dropped.
# NOTE(review): fasttracked connections are expected to skip queue processing,
# which would defeat any aggregate limit applied to hotspot traffic - verify,
# and exclude the hotspot subnet from the fasttrack rule if it is to be shaped.
# NOTE(review): nothing in this chain stops new connections from the guest
# subnet towards hosts on the admin bridge - confirm whether guests should be
# able to reach admin-side devices.
add action=fasttrack-connection chain=forward comment=“defconf: fasttrack”
connection-state=established,related
add action=accept chain=forward comment=“defconf: accept established,related”
connection-state=established,related
add action=drop chain=forward comment=“defconf: drop invalid”
connection-state=invalid
add action=drop chain=forward comment=
“defconf: drop all from WAN not DSTNATed” connection-nat-state=!dstnat
connection-state=new in-interface=adminnetworkbridge
# Mangle rules intended to feed the hsupload / hsdownload queues.
# NOTE(review): both rules use action=accept, and packet-mark= here is a
# matcher, not an assignment - they only accept packets that already carry the
# mark. Nothing in this export sets either mark, so the queue tree children
# would never match. Marking needs action=mark-packet with new-packet-mark=
# set to the queue's mark name.
/ip firewall mangle
add action=accept chain=prerouting in-interface=publicwifibridge packet-mark=
hsupload
add action=accept chain=postrouting out-interface=publicwifibridge
packet-mark=hsdownload
# Source NAT. The first masquerade rule covers traffic leaving through
# adminnetworkbridge; the second covers anything sourced from the hotspot
# subnet.
# NOTE(review): the second rule has no out-interface, so it masquerades
# hotspot traffic on every egress path - confirm that is intended.
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=
“place hotspot rules here” disabled=yes
add action=masquerade chain=srcnat comment=“defconf: masquerade”
out-interface=adminnetworkbridge
add action=masquerade chain=srcnat comment=“masquerade hotspot network”
src-address=192.168.100.0/24
# Hotspot users. The default entry carries the trial caps (50,000,000 bytes
# total, 30 minutes uptime).
# NOTE(review): user "peter" is exported with its password in clear text and
# uses the "unrestricted" profile, which has no rate-limit - change the
# password if this value was ever real, and export with hide-sensitive before
# sharing.
/ip hotspot user
set [ find default=yes ] limit-bytes-total=50000000 limit-uptime=30m
add name=peter password=@mypassword profile=unrestricted
/system clock
set time-zone-name=Africa/Johannesburg
/system identity
set name=CompanyMaster
# Info-level log messages are echoed to the console.
/system logging
add action=echo topics=info
/system ntp client
set enabled=yes primary-ntp=216.228.192.69 secondary-ntp=196.25.1.1
server-dns-names=time.nist.gov
# MAC-layer management (MAC telnet and MAC WinBox) is disabled on the default
# entry and enabled only on adminnetworkbridge.
# NOTE(review): ether1 is a port of that bridge, so these services are also
# reachable from whatever shares the ether1 segment - confirm that segment is
# trusted.
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=adminnetworkbridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=adminnetworkbridge

Since you are using the hotspot, I think you should set that up in User Manager user profiles. Another way would be to set up simple queues and do the bandwidth shaping there, but I don’t know whether that is usable behind a hotspot.

Ivan