Queue a household

RouterOS Wireless Networking
1

Hi guys, During my quest to become a Wisp im coming againts a few things… Here is my issue. Im using usermanager for authentication and radius, I can set a AP tx limit and a client Tx limit in usermanager. And that will queue everybody that mite hook up to that CPE unit weather it being a switch or what not. My problem is I would much rather use simple queue per household or CPE unit, Main reason for it is, I can keep track of there names, i can see there current usage in TX,RX , i can see total upload and download used ( I know in usermanager you have that) AND and this is the big one i can Limit PTP users i can use Burst with simple queue’s. But if set the simple queue to a Ip address it will just queue that IP address.. Im looking for a better way to beable to queue a household using simple queue, Not the AP Tx, limit and client Tx limit propertie… See attached picture.


Hopefully somebody can set me straight on what to do or im just plain stuck with AP tx limit, and Client Tx limit. Thanks -Jordan
untitled2_CMLB.JPG

2

Route your CPE’s and NAT

3

Can you be more specific, do i take the CPE units ip themself and add them to NAT? I dont understand how to do what you presented..

4

Instead of bridging your CPE devices Route them.

for example:

AP, wlan1 = 10.0.0.1

CPE wlan1=10.0.0.2

CPE lan1= 10.0.1.1

NAT and masquerade. You can then put a queue on 10.0.0.2 and it won’t matter what is past in the 10.0.1.1 subnet.

5

Thanks Jwcn for replying!

I am not very knowledgible of NAT and masquerade, But I am learning, Do i NAT and masquerade a certian DST,SRC address? or an actuall interface?


I dont understand how NAting and Masquerading will see that a currten MAC address is using another IP address, and then queue it to using simple queue that is bound to one known addres being used by that Mac address… I dont know much about this so excuse my incompitence of how this all works, if someone had more time maybe they could give me a wiki to learn some of this, or someone could spell it out how it works to me.. I hope you all understand what im trying to do? if you dont i will definetily give a much more detailed description of my situation..

So far in firewall i enabled Srcnat, with masquerade, and so far it see’s data being passed through the network? But i do not see how this is going to help. Ip address of the routerboard is 192.168.0.6 whic is interface ether2, Internet is being sent to that IP address through ethernet from IP 192.168.0.1. From there sent through wireless card to clients with CPE units that carry a IP address And MAC address, From there they could hook up switch and have 10 computers with all different IP address’s, all bypassing my simple queue that has only 1 ip address of 192.168.0.23, which is the computer hooked to the CPE unit during instalation… after installation they could hook it up to a switch and set a bunch of different IP’s to all of there computers and Bypass queue…


Sorry for over defining my problem.. hopefully this makes it clear what im trying to do… IF NAT and masquerade is what i need to do like jwcn said then i need advice of how to do it with the information provided… I just didnt see how NAT and masquerade was going to do it… Then again im new to this…



-Jordan… :frowning:

6

Post your current configuration.

7

My src/masquerade

[jordan@J*B Wireless] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade

My wireless export... (not sure of everything you need?)

jan/01/2000 00:01:45 by RouterOS 3.0rc13

software id = UZ4E-FTT

/interface wireless security-profiles
set default authentication-types="" group-ciphers="" group-key-update=5m
interim-update=0s mode=none name="default" radius-eap-accounting=no
radius-mac-accounting=yes radius-mac-authentication=yes
radius-mac-caching=disabled radius-mac-format=XX:XX:XX:XX:XX:XX
radius-mac-mode=as-username static-algo-0=none static-algo-1=none
static-algo-2=none static-algo-3=none static-key-0="" static-key-1=""
static-key-2="" static-key-3="" static-sta-private-algo=none
static-sta-private-key="" static-transmit-key=key-0
supplicant-identity="JB Wireless" tls-certificate=none
tls-mode=no-certificates unicast-ciphers="" wpa-pre-shared-key=""
wpa2-pre-shared-key=""
add authentication-types=wpa-psk group-ciphers=tkip group-key-update=5m
interim-update=0s mode=dynamic-keys name="profile1"
radius-eap-accounting=no radius-mac-accounting=no
radius-mac-authentication=no radius-mac-caching=disabled
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username
static-algo-0=none static-algo-1=none static-algo-2=none
static-algo-3=none static-key-0="" static-key-1="" static-key-2=""
static-key-3="" static-sta-private-algo=none static-sta-private-key=""
static-transmit-key=key-0 supplicant-identity="JB Wireless"
tls-certificate=none tls-mode=no-certificates unicast-ciphers=tkip
wpa-pre-shared-key="fourtrax" wpa2-pre-shared-key=""
/interface wireless
set 0 ack-timeout=dynamic adaptive-noise-immunity=no allow-sharedkey=no
antenna-gain=0 antenna-mode=ant-b area="" arp=enabled band=2.4ghz-b/g
basic-rates-a/g=6Mbps basic-rates-b=1Mbps burst-time=disabled comment=""
compression=no country=no_country_set default-ap-tx-limit=0
default-authentication=no default-client-tx-limit=0 default-forwarding=yes
dfs-mode=none disable-running-check=no disabled=no disconnect-timeout=3s
frame-lifetime=0 frequency=2462 frequency-mode=manual-txpower hide-ssid=no
hw-retries=15 mac-address=00:15:6D:20:05:70 max-station-count=2007
mode=ap-bridge mtu=1500 name="wlan1" noise-floor-threshold=default
on-fail-retry-time=100ms periodic-calibration=default
periodic-calibration-interval=60 preamble-mode=long
proprietary-extensions=post-2.9.25 radio-name="00156D200570"
rate-set=default scan-list=default security-profile=default ssid="JB
Wireless" station-bridge-clone-mac=00:00:00:00:00:00
supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps tx-power-mode=default
update-stats-interval=disabled wds-cost-range=50-150
wds-default-bridge=none wds-default-cost=100 wds-ignore-ssid=no
wds-mode=disabled wmm-support=disabled
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100
audio-monitor=00:00:00:00:00:00 filter-mac=00:00:00:00:00:00
frame-size=300 frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10
multiple-channels=no only-headers=no receive-errors=no
streaming-enabled=no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
[jordan@JB Wireless] >


radius export??? dont know if you need it or not...

/radius
add accounting-backup=no accounting-port=1813 address=192.168.0.6
authentication-port=1812 called-id="" comment="" disabled=no domain=""
realm="" secret="123456" service=wireless timeout=300ms
/radius incoming
set accept=no port=1700


Ip address

lags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK BROADCAST INTERFACE

0 192.168.0.5/24 192.168.0.0 192.168.0.255 ether1
1 192.168.0.6/26 192.168.0.0 192.168.0.63 ether2
[jordan@J*B Wireless] /ip address>


IP route print

[jordan@J*B Wireless] /ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC G GATEWAY

0 ADC 192.168.0.0/24 192.168.0.5
1 ADC 192.168.0.0/26 192.168.0.6
[jordan@J*B Wireless] /ip route>


If you would let mek now more of what you need i will post here.. I still have the connections bridge though.. i will route tonight...

However i have noticed that once enable the src/masquerade, radius wount authenticate clients, and my routerboard IP address is cleared to 0.0.0.0, and i have to log in via MAC.. so Nat src/masquerade is doing something but i beleive im not configuring it correctly...

I have never tried to use routeing, just bridging that is why i wasent able to route right away like you asked. but i will figure it out tonight.... Let me know if there is anything else you need. Thanks Jwcn -Jordan

8

I have no experience with Radius authentication. Do you need it for your application?

9

Its the only thing i know of how to get working with usermanager, pppoe and all of that is a fog to me as of right now, my network is wireless, and the CPE units are an assortment of airbridge tranzeo routerboards etc etc, and i dont beleive airbridge and tranzeo units support pppoe, and even if they did i do not know how to setup such a network…

But as of right now it is all i know that works… Are you sure Mac, authentication will affect the outcome of your idea of using NAT/Masquerade? ANd if it does


Does anybody else know a soulotion to my problem? :laughing:


I would be more than willing to convert to PPPoe If i could figure out how to configure my system in such a way.