Mikrtik Hotspot - Disconnect-Request

satlizard26 · July 10, 2009, 6:35pm

Hi All

I recently switch over from m0nowall captive portal to mikrotik hotspot RB433 3.23. Her’s my problem hopefully somebody can assist me or point me in the correct direction.

Freeradius worked correctly when a user has reached its volume limits and with the interim update of 1min it will disconnect the user on m0nowall. Working 100%

however

With Mikrotik the freeradius attributes ( Rate limit etc )works perfectly but it do not disconnect the user if its past the limits. If the user is pass the limit and you disconnect him manually, and try to login, mikrotik prevent the login which is correct. Interrum update has been set and can see its is working on the stats page in freeradius.

I tried the following:

Switch on incoming raduis on port 3779 on Mikrotik.
Nothing hapens when the user goes past, everything is 0 in the icoming radius stats page.
if I run the follwoing command mikrotik disconnect the user and I can see ACK = 1 in the stats page.

echo “User-Name=test,NAS-IP-Address=192.168.1.1,NAS-Port-Id=ether1,Framed-IP-Address=192.168.1.100” | radclient -q 192.168.1.1:3779 disconnect secret

Set Interrum Update in freeradius and in Mikrotik, still no go.

I see however in Freeradius 2.16 there is support fort originate-coa “Send-CoA-Request = No / Yes” do I need to upgrade.?

Does Mikrotik support Disconnect-Request like m0n0wall or is there something I am missing or can do in either Freeradius or Mikrotik to get the Disconnect-Request working, ether through a Disconnect-Request packet or CoA.

Thanks in advance.

Chupaka · July 12, 2009, 8:46am

http://www.mikrotik.com/testdocs/ros/2.9/guide/aaa_radius_content.php#.3

Disconnect-Messages should work…

satlizard26 · July 12, 2009, 3:29pm

Thx for the reply, but confused are not the word.

from the link:

“RouterOS doesn’t support POD (Packet of Disconnect) the other RADIUS access request packet that performs a similar function as Disconnect Messages”

and

Change of Authorization

RADIUS disconnect and Change of Authorization (according to RFC3576) are supported as well. These attributes may be changed by a CoA request from the RADIUS server:

Mikrotik-Group
Mikrotik-Recv-Limit
Mikrotik-Xmit-Limit
Mikrotik-Rate-Limit
Ascend-Data-Rate (only if Mikrotik-Rate-Limit is not present)
Ascend-XMit-Rate (only if Mikrotik-Rate-Limit is not present)
Mikrotik-Mark-Id
Filter-Id
Mikrotik-Advertise-Url
Mikrotik-Advertise-Interval
Session-Timeout
Idle-Timeout
Port-Limit

What does this mean..?, what is the difference between packet of disconnect and radius disconnect. I think my problem more relates to POD, which is NOT supported by Router OS, which points to my problem, correct…?

Chupaka · July 13, 2009, 7:43am

well, we use radclient to disconnect user. FreeRADIUS simply executes similar command

satlizard26 · July 14, 2009, 3:17pm

Thx

I think what you are referring to is a CoA packet, and yes that works tested on my side. The question is how do one get Freeradius to send a CoA packet rather than a remote disconnect…?

What I have read so far is that Mikrotik will only support PoD if used wirh VSA attributes.

These ones are new and carries my interest, they are undocumented

ATTRIBUTE Mikrotik-Total-Limit 17 integer
ATTRIBUTE Mikrotik-Total-Limit-Gigawords 18 integer

I see Aradial is already using it. Hopefully the PoD will work with these attributes.

Aradial automatically limits the MB for both up and down when using the Metering feature.
The VSA attributes to use:

MTK-Total-Limit - limit in bytes until 4GB.
MTK-Total-Limit-Gigawords - in 4GB units. 2 mean 8GB.

m4rk0 · September 4, 2009, 2:32am

Hello,

I have FreeRadius + mysql module…

Does anyone have script to disconnect all online users at once?

Thank You in advance!

Chupaka · September 4, 2009, 9:54am

something like

/ppp active remove [find]

=)

thavinci · October 14, 2009, 10:11am

Does anybody have a working setup with Freeradius and Mikrotik that supports packages larger than 4gb?

It seems near impossible!

Chupaka · October 14, 2009, 7:33pm

we use FreeRADIUS (FreeNiBS module) for pptp. I see users with >5 Gb per session

abdulmohid · November 19, 2009, 7:09am

Hi,

I am using Mikrotik router OS 2.9, basic radius operations are working fine but while try to send a PoD and CoA request some it is not reaching to the router and some time it is marked as Bad request. I am new to Mikrotik router OS. Help to sort it out …

Thanks in advance…

Mohid

Chupaka · November 19, 2009, 2:23pm

check RADIUS Secrets on both sides

myazdian · August 25, 2016, 1:26pm

sorry for up date this post
I have a same problem for freeradius and Mikrotik-Total-Limit
When my users hit the qouta are not diconnect qutomatically but if diconnect manoly they are cannot connect to the server (Freeradius rejected).
I like to disconnect automaticaly after use the maximom tarffic like 1G

I use sqlcounter:

sqlcounter  poyrazwifi_Limit{
	counter-name = Mikrotik-Total-Limit
    check-name = Mikrotik-Total-Limit
    reply-name = Session-Timeout
    sqlmod-inst = sql
    key = User-Name
    reset = never
	query = "select (sum(acctinputoctets) + sum(acctoutputoctets)) from radacct where username = '%{%k}';"
}

and add the poyrazwifi_Limit in the radius.conf ~ authorize{}

poyrazwifi_Limit{
		userlock = 1
	}
	if(userlock){
		ok
		reject
		update reply {
		Reply-Message := "Your account has expired, %{User-Name}"
		}
	}

radcheck row is:
mysql:

test Mikrotik-Total-Limit := 100000

I have not no ack in the incomming radius 3379 on routeros