I am using mikrotik hotspot gateway and th users are getting authenticated throw hotspot and getting ip addres throw dhcp. I have tried to limit their bandwidth but there is something wrong becouse they can still bypass the queie. When I add a hotspot user I put 65536 for 64 kbps limit and when I check in the firewall mangle I see that automaticlly hospot creates rules for the users and there is src adress of that user. I have tried with dst adress but it still doesnt work. Anyone that can answer my to my question please I would be very gratefull
I guess you’re trying to implement queue trees on a unit serving hotspot. Queue trees requires that packets be marked in mangle, each queue matched to a flow. Mikrotik hotspot uses mangle to identify authenticated users, based on src-addr and marked with ‘hs-auth’. YOu will notice the dynamic mangle entries added after each user login. The Dynamic rules automatically are placed above whatever static you have and since the OS treats line line, yours will be disregarded making it difficult to create your flows. Your best shot is to use simple queues instead of queue trees.
Create your simple queues manually or assign by radius server.
No I did not add any queie manually in the queie section. I’m just adding a user in hotspot section and I chose a profile that I have made with a 64kbps limit. When a user is online I check in the Firewall mangle it looks that a user is limited on 64kbps but there is no dst adress only src adress. Users get’s ip adresses from Mikrotik dhcp server and allso hotspot is build up on Mikrotik
When u set the bandwidth the hotspot profile, a simple queue entry is dynamically added. Check the simple queue when a user is connected (in winbox for example). You should have an antry added while user is online.
There will also be a passthrough entry in mangle for the authenticated user. But will be deleted by the system when user logs off.
great! if the bps is changing, then the system is managing bandwidth. You might consider using radius for hotspot authentication… you will better be able to specify different rates for download and upload.
I need more info on your setup. What’s ur router OS version? Also send me the output of the following either telnet or terminal of winbox (preferably while a user is logged on):
/ip hotspot profile print
/queue simple print
Let’s see the output… we can then take this further.
Your config looks ok and I really cannot see a problem. Sure you don’t have entries in Queue trees that might cause this? Do not create any rule in queue tree matching flow “hs-auth”. Also ensure u don’t have static mangle rules that might interfere with hotspot. If you’re sure of this, trying testing the simple queue independent of the hotspot system by moving all users to the default profile that has no restriction. Create a binding in dhcp to a clients mac (or simple put static on client pc), then setup a simple queue to this static ip address. Assuming for 192.168.0.3/32 create a simple queue and test.
I found the way how to do it but it is boring becouse I have to do it manually for every user.
In the target adress I put 0.0.0.0/0 and the dst adress must contain the adress of the user and all this has to be done manually in the simple queue and this works fine.