UserManager Internet Access Limits - Not Internal Network

What I have:
1 Central server with RouterOS + User Manager installed
6 Wireless Access Points connecting to the Server through ethernet cables

What I want:
-Clients must be MAC-authed on central server (got this to work so far)
-Clients must get DHCP route to internet which routes through server (got this to work so far)
or they must PPPoE in to authenticate with server (think I can get this to work)
-Clients must be limited to a certain speed (kbps) when accessing internet through server and also limited to a certain usage (kb), but must be unlimited on the internal network for file transfers etc… <<<<<<<<-------------------

How does usermanager see what I want limited to a certain speed and usage, and what I don't want limited? I'm familiar with RouterOS but not usermanager. How can I get the limits on only internet access (external) and not local (internal)?

As far as I know, currently the Rate-Limits provided from RADIUS/User-Manager establish a dynamic queue that is dedicated to the entire user traffic.
You are not able to create custom queues for different types of traffic.

So, to make a fully automated scenario, you may add one queue to the router, like
‘queue simple add target-address=local_subnet dst-address=local_subnet’.
Ensure that this queue is always on top; it is possible with scripting.

Thanks for the quick reply sergejs.

I’m pretty sure I know how to use queues to do the rate limiting, but the main reason I want to use usermanager is,

  1. Users can see their usage
  2. They get disconnected if they exceed their usage

I’ve got usermanager limiting perfectly now. User connects and authenticates with usermanager to get one IP address which is a local IP address. He then dials a PPPoE connection to usermanager to get another IP address. The second address is allowed internet access.

The only problem is now if the client connects the PPPoE connection, whenever he accesses local IPs, it is counting towards his cap on usermanager and also he is rate limited locally. Is this “2 IP” method feasible? Is there a way for local traffic not to count towards cap? (The client can disconnect the PPPoE connection temporarily to use the local network, but this isn’t really the client’s job but the WISP’s.)

If he’s using a pppoe connection his local network should still be maintained.

For example, a local network of 192.168.1.0/24 and his computer having an address of .50 should normally then give his OS a dynamic route of 192.168.1.0/24 via 192.168.1.50 while his PPPoE connection would have a default route of 0.0.0.0/0 via which should be on a separate network.

Also, if he wanted to add other networks to his own network he’d have to add appropriate routes on his own PC, as all unknowns would be passed out through his PPPoE link instead of checking a local gateway (if he has one set up).

layout.JPG
The above layout is what I currently have (without PPPoE). What you described is exactly what I want to achieve.

-The only difference is on my network a user who is connected to AP1 (172.16.161.x) should be able to connect to a user connected to AP2 (172.16.162.x). So there is already a gateway at 172.16.161.x for example. I don’t know if this will conflict with the setup.

-I think the problem with my setup is, I don’t know what to make the PPPoE IP range. Say for example I make it a range of pools from 172.16.180.0/24. Then what should the gateway be? Still 172.16.161.1? Or should it be the Userman/Mikrotik server-pc (172.16.160.11)?

-The only difference is on my network a user who is connected to AP1 (172.16.161.x) should be able to connect to a user connected to AP2 (172.16.162.x). So there is already a gateway at 172.16.161.x for example. I don’t know if this will conflict with the setup.

This is where your conflict is. When you connect the PPPoE login, it assigns its own default gateway, which means rather than trying to pass it through the local server, the client now passes everything outside the 172.16.161.0/24 to the PPPoE gateway.

You could fix this by assigning a static route on the client (172.16.162.0/24 via 172.16.161.x). As for making them route dynamically... hmm. I can’t think of anything off the top of my head but I’m sure there’s a way to assign a connected device some dynamic routes.

Best would be some way to route those networks unmetered and unrestricted back to the inside.
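
Added example, not part of the original thread: a small Python model of the client's route selection (longest-prefix match), showing why traffic to AP2 counts against the cap once the PPPoE session is up and how the static route suggested above keeps it on the local side. The interface labels, the sample host addresses and the assumption that only traffic leaving through the PPPoE session is accounted are illustrative.

```python
import ipaddress

def build_table(routes):
    """Turn (prefix, interface) pairs into (ip_network, interface) entries."""
    return [(ipaddress.ip_network(prefix), iface) for prefix, iface in routes]

def egress(table, dst):
    """Return the interface chosen for dst by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, iface) for net, iface in table if addr in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def metered(table, dst):
    """Assumption: only traffic leaving via the PPPoE session is accounted."""
    return egress(table, dst) == "pppoe"

# Constructed client routing table once the PPPoE session is up.
# Interface names "lan" and "pppoe" are hypothetical labels.
AFTER_PPPOE = build_table([
    ("172.16.161.0/24", "lan"),   # connected route from the AP1 address
    ("0.0.0.0/0", "pppoe"),       # default route installed by the PPPoE login
])
# Same table plus the static route suggested in the thread.
WITH_STATIC = AFTER_PPPOE + build_table([("172.16.162.0/24", "lan")])

# Constructed destinations: same-AP host, AP2 host, internet host (TEST-NET-3).
SAMPLES = ["172.16.161.20", "172.16.162.20", "203.0.113.10"]

if __name__ == "__main__":
    for name, table in (("after PPPoE", AFTER_PPPOE),
                        ("with static route", WITH_STATIC)):
        for dst in SAMPLES:
            print(f"{name:18} {dst:15} -> {egress(table, dst):5} "
                  f"metered={metered(table, dst)}")
```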