I was wondering if anyone else may have run into this issue and what you may have done to solve it. Any Advice or suggestions would be greatly appreciated.
I am running this test on RouterOSv5.2.
I have setup a Routerboard Running v5.2 as an AP with the hotspot enabled and a FreeRadius w/mysql server.
I Setup the security profile on the Wireless interface for RADIUS Mac Auth. only
I then setup a hotspot on the same interface and set it up for Radius enabled, standard Mac format, and acounting.
Then of course setup the radius server under the radius section of the router.
EVerything works nearly perfect except i have one little weird issue.
We are sending the rate limit settings for the hotspot from the RADIUS server in this format:
Mikrotik-Rate-Limit := 256k/2m 256k/4m 256k/2m 10/10 7 56k/128k
In the dyanmic que created by the hotspot this should (and does ) set the following:
Max-Limit = 256K Upload 2M Download
Burst-Limit = 256K Upload 4M Download
Burst-Threshold = 256K Upload 2M Download
Burst-time = 10seconds up and down
Priority of 7
Limit-At = 56K Up and 128K Down
It sets this perfectly and works the way we desired. When we tested this on a RouterOSv4.17 and it would use radius to MAC-Auth and then when the hotspot would check radius it would authorize and set the speeds. We then set this up on a v5.2 and when the wireless client connects to the wireless interface, the router checks radius and will auth the MAC but will also set speed limits on it of the MAX-Limit value. This basically renders the bursting useless. Is this the correct way this should function? Am I not settings something correctly?
Here is my settings for the hotspot:
/ip hotspot profile
set default dns-name="" hotspot-address=0.0.0.0 html-directory=wireless http-proxy=0.0.0.0:0 login-by=mac \
mac-auth-password="" name=default nas-port-type=wireless-802.11 radius-accounting=yes \
radius-default-domain="" radius-interim-update=received radius-location-id="" radius-location-name="" \
radius-mac-format=XX:XX:XX:XX:XX:XX rate-limit="" smtp-server=0.0.0.0 use-radius=yes
/ip hotspot
add disabled=no idle-timeout=2m interface=wlan1 keepalive-timeout=none name=wlan1 profile=default
/ip hotspot user profile
set default idle-timeout=none keepalive-timeout=2m name=default shared-users=1 status-autorefresh=1m \
transparent-proxy=no
add idle-timeout=none keepalive-timeout=2m name=standard rate-limit=\
"128k/768k 128k/1500k 128k/1000k 15/15 7 56k/128k" shared-users=2 status-autorefresh=1m \
transparent-proxy=no
add idle-timeout=none keepalive-timeout=2m name=economy rate-limit=\
"56k/384k 56k/512k 56k/400k 15/15 7 56k/128k" shared-users=2 status-autorefresh=1m transparent-proxy=no
add idle-timeout=none keepalive-timeout=2m name=highspeed rate-limit=\
"256k/2m 256k/4m 256k/2400k 15/15 7 56k/128k" shared-users=2 status-autorefresh=1m transparent-proxy=no
add idle-timeout=none keepalive-timeout=2m name=business rate-limit=\
"768k/3m 768k/6m 768k/4m 15/15 6 56k/128k" shared-users=2 status-autorefresh=1m transparent-proxy=no
/ip hotspot walled-garden
add action=allow comment="place hotspot rules here" disabled=yes
add action=allow disabled=no dst-host=ourdomain.com
Here is the relevant security profile settings:
/interface wireless security-profiles
radius-mac-authentication=yes radius-mac-caching=disabled radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username
and lastly my radius settings with the ip changed of course:
/radius
add accounting-backup=no accounting-port=1813 address=1.1.1.1 authentication-port=1812 called-id="" \
disabled=no domain="" realm="" secret=secretpassword service=login,hotspot,wireless timeout=300ms
/radius incoming
set accept=yes port=1700
when i put a mac in the database and have it set to send the above then I get this when the client attaches
AP limits client to 2M download and does not allow bursting to 4M
If I turn off the Mac auth in radius for the security profile.. it bursts fine.
I would rather not disable Mac Auth because i feel it is important to keep rogue clients from connecting to the ap. even if they are not allowed through via hotspot they could still cause issues.
Does anyone have any ideas how to fix this or is it a bug?