Limit bandwith by mac address after reaching a limit; using FreeRadius and RB952Ui-5ac2nD

RouterOS Beginner Basics
1

Dear Community,

(Questions at the end, marked in bold. Text before is explanation about the situation.)

i have a project with kids, where we want to install a free wifi in the youth club of our village.

We want it to do the following:

  1. Everyone can use the free wifi - no splash page or authentication by hand.

  2. First 100mb every user get’s the full bandwith. After this we limit them, so they can still use a simple messenger like whatsapp, but not run youtube anymore.
    This is to get them away from watching youtube all day in the club. We want internet for them - and especially for communication, but we do not want iphone zombies staring at the screens all day. ;D

  3. Thats it.

    \

What we did:
We bought a Mikrotik RB952Ui-5ac2nD and played a little bit around with it. I have basic knowledge of ip and firewall, but it is limited for “normal” usage. All good so far.
Users do not connect to our office net, but to the mikrotik by wlan. Access to the office net is forbidden by firewall rules. The office network is secured by fixed mac addresses and an additional strong wifi password. All okay so far.

What we want to know:
We want to limit the bandwith for the users.

We do not want splash-pages. We already tried this solution a while ago, and it let a lot of frustration, because all day the kids had troubles with the splash pages. Even adults had this troubles. Splash pages not showing up and so on… very frustrating and time consuming for the staff..

We want, anytime someone connects, the devices mac address is internally tracked. And when a download limit is reached (100mb) the bandwith should be limited for example to 32kb or 64kb or anything suggested. We cannot do this by IP Address, because the kids will find a way to renew the address by DHCP very fast i think. :smiley:

I already read a lot, and i think i may have found a solution. But i need a verification and maybe some hints to good tutorials, before i invest a lot more of time into this “community-free-of-any-charge” project.
I think we should use a radius server. As far as i understood, this should be possible with radius - maybe with pppoe authentication?



Many children will be VERY HAPPY about your contribution in form of knowledge!!!

Questions:

  1. Is FreeRadius a good solution for us? (We would install it on a cubox-i for example).
  2. Is it possible to rate limit a connection after an defined amount of download with mikrotik and freeRadius?
  3. If Nr 2 is not possible - may there be another solution?
  4. Do you think 32kb is a good limit, to allow the users whatsapp, but not youtube anymore?
  5. Do you have any good tutorial or manual, on how to setup this specific situation?

Thank you very much!

Kind regards

the Regenbogenhaus in Chemnitz, Steve