We setup a Radius server that responds to the Mikrotik DHCP server. If the mac is not in the "allowed" list on the Radius server, it responds with a different ip pool. The allowed mac addresses get a bandwidth limit for dynamic queueing and the "unauthorized" devices get redirected to a web page to contact support. This portion seems to work flawlessly.
There are 2 main issues:
The DHCP server is not respecting the shorter lease time of the unauthorized leases. I am sending radius attribute 27 (Session-Timeout) with a value of 60. I expect this would change the lease time to 60 seconds.
The DHCP server doesn't seem to be sending Radius requests on the leases renewing. When an unauthorized device requests to renew the ip, it gets the same ip, even if it is now in the "allowed" list, and the Radius counters in the mikrotik do not change. Is there way to force the Mikrotik DHCP server to send Radius requests even if the leases are renewing?