RADIUS MikroTik-Rate-Limit and Static IP Addressing

ktw-matt · January 26, 2007, 5:19pm

Hi all,

We’re already using RADIUS and the MikroTik-Rate-Limit attribute for DHCP customers, but I’m curious if you can rig up RouterOS to do this with static IP customers.. something like this:

Packet comes in on wlan1 (for instance) on the forward chain. The MAC address associated with this packet gets sent to the RADIUS server.
Then…

if (radius_reply == ok)
{
  rate_limit = radius_reply[1]; // for example
  if (static_ip is_not_found_in simple_queue_list)
    add simple queue using rate_limit
  elseif (static_ip is_found_in simple_queue_list)
    check and update, if necessary, the simple queue's rate_limit
}
else
{
  add firewall rule(s) to block their IP on the forward chain.
}

I hope that makes sense. If possible, I want the same level of control for static IP customers, that we have with DHCP customers.

All suggestions are welcome.

wildbill442 · January 26, 2007, 5:51pm

I thought I had something for you, but after re-reading my post, it wouldn’t work.. (delete post)

savage · January 26, 2007, 8:01pm

You should be able to get Radius itself to implement this via something like SSH on the MT via rlm_perl or rlm_exec…

Will be a highly customised auth server though. I don’t think you can do this with MT / standard radius itself…

conchalnet · January 29, 2007, 11:14pm

HI ktw-matt,

did you find a solution to this problem? I want the same: limit the customers speed when the client is associated to my ap and the mac is authenticaded via radius but the interface has a fixed IP address.

Regards,

Fabrício F.: Kammer

ktw-matt · February 12, 2007, 9:01pm

I’ve asked about this kind of thing before, and the obvious solution is to use DHCP and give out static leases, but this seems a bit unnatural. However, by doing so, it would simplify IP assignment and configuration… not to mention the ability to automatically Rate-Limit static IP customers.

Currently, a static IP on portions of our network require: a manual ARP entry in the router, a manual simple queue entry, and of course getting their client device configured to use the assigned IP, subnet, and default gateway.

On the up-side, we don’t have too many static IP customers, but that still doesn’t justify all the manual modifications that need to be made.

One other possibility: When RouterOS 3.0 comes out, we can make use of the RouterOS API from our customer database application. (Or is the API already available in 2.9.x?)

conchalnet · February 13, 2007, 11:27am

Hi ktw-matt,

I use static IP addresses on all my customers, but I want to concentrate all the informations on the same place to give more security and facility do make de backups.

I’m waiting the API for a long time too… It will be great.

Regards

jonmansey · February 18, 2007, 8:51pm

what about using PPPOE? using radius to assign static IP and rate-limit to customers as they authenticate, you can sell them encrypted link also

jm

conchalnet · February 19, 2007, 11:16am

jonmansey,

Hi, I can’t use pppoe in my customers, first because I’ll have to change all customers configurations, what is a lot of work and second because I’ve a compromisse with my customers of “PowerOn the computer and start to browser the internet”.

Today I do the simples queues by hand. I just want to do this automatically, with out open the Winbox and create the simple queues.

Regards