Community discussions

MikroTik App
 
e066377
just joined
Topic Author
Posts: 8
Joined: Sun May 13, 2018 12:11 am

Mikrotik-Rate-Limit Attribute missing in Hotspot Accounting Request

Tue Jul 14, 2020 6:20 am

Hello all,

I have configured freeradius to read current rate limits from sql server for the user in accounting section of default site.
If accounting request does not have Mikrotik-Rate-Limit or Mikrotik-Rate-Limit is not equal to the read value from sql server then Mikrotik-Rate-Limit is set with new value by CoA update.
update control {
	User-NAS-Vendor = "%{sql: SELECT TOP 1 Vendor FROM nas WHERE IPAddress = '%{Packet-Src-IP-Address}'}"
	User-Rate = "%{sql:SELECT [dbo].[GetUserCurrentRateLimit]('%{User-Name}', '%{&control:User-NAS-Vendor}')}"
}

if(!&Mikrotik-Rate-Limit || &control:User-Rate != &Mikrotik-Rate-Limit) {
	update coa {
		&User-Name = "%{User-Name}"
		&Framed-IP-Address = "%{Framed-IP-Address}"
		&Mikrotik-Rate-Limit := &control:User-Rate
	}
}
Where User-Rate and User-NAS-Vendor are costom attributes added in dictionary.

This works well for PPPoE but not for hotspot;

In hotspot, accounting request never have Mikrotik-Rate-Limit, so radius server update rate limit in every accounting interim update even if it is already set to the same value..

Freeradius debug output for PPPoE and Hotspot exampels:

PPPoE

Received Accounting-Request Id 48 from 192.168.1.200:44613 to 192.168.1.102:1813 length 222
(2) Service-Type = Framed-User
(2) Framed-Protocol = PPP
(2) NAS-Port = 15728642
(2) NAS-Port-Type = Ethernet
(2) User-Name = "test@ofis"
(2) Calling-Station-Id = "D8:C4:97:15:C1:F8"
(2) Called-Station-Id = "PPPoE"
(2) NAS-Port-Id = "LAN"
(2) MS-CHAP-Domain = "ofis"
(2) Acct-Session-Id = "81100002"
(2) Framed-IP-Address = 192.168.10.255
(2) Acct-Authentic = RADIUS
(2) Event-Timestamp = "Jul 14 2020 05:04:12 +03"
(2) Acct-Session-Time = 721
(2) Idle-Timeout = 0
(2) Session-Timeout = 0
(2) Acct-Input-Octets = 702800
(2) Acct-Input-Gigawords = 0
(2) Acct-Input-Packets = 4081
(2) Acct-Output-Octets = 3702319
(2) Acct-Output-Gigawords = 0
(2) Acct-Output-Packets = 4286
(2) Acct-Status-Type = Interim-Update
(2) NAS-Identifier = "multigroup"
(2) Acct-Delay-Time = 1
(2) Mikrotik-Realm = "ofis"
(2) NAS-IP-Address = 192.168.1.200
(2) # Executing section preacct from file /etc/freeradius/3.0/sites-enabled/default

No Mikrotik-Rate-Limit at first,, so a CoA update is called

(2) if (!&Mikrotik-Rate-Limit || &control:User-Rate != &Mikrotik-Rate-Limit) {
(2) if (!&Mikrotik-Rate-Limit || &control:User-Rate != &Mikrotik-Rate-Limit) -> TRUE
(2) if (!&Mikrotik-Rate-Limit || &control:User-Rate != &Mikrotik-Rate-Limit) {
(2) update coa {
(2) EXPAND %{User-Name}
(2) --> test@ofis
(2) &User-Name = test@ofis
(2) EXPAND %{Framed-IP-Address}
(2) --> 192.168.10.255
(2) &Framed-IP-Address = 192.168.10.255
(2) &Mikrotik-Rate-Limit := &control:User-Rate -> '8192k/102400k'


and next interim update has Mikrotik-Rate-Limit

((5) Received Accounting-Request Id 49 from 192.168.1.200:57574 to 192.168.1.102:1813 length 279
...
(5) X-Ascend-Data-Rate = 102400000
(5) Ascend-Xmit-Rate = 102400000
(5) X-Ascend-Data-Rate = 8192000
(5) Ascend-Data-Rate = 8192000
(5) Mikrotik-Rate-Limit = "8192k/102400k"
...
And radius server again decides if it needs to update Mikrotik-Rate-Limit

(5) if (&control:User-Rate && &control:User-Rate != '') {
(5) if (&control:User-Rate && &control:User-Rate != '') -> TRUE
(5) if (&control:User-Rate && &control:User-Rate != '') {
(5) switch %{&control:User-NAS-Vendor} {
(5) case Mikrotik {
(5) if (!&Mikrotik-Rate-Limit || &control:User-Rate != &Mikrotik-Rate-Limit) {
(5) if (!&Mikrotik-Rate-Limit || &control:User-Rate != &Mikrotik-Rate-Limit) -> FALSE
(5) } # case Mikrotik = noop
(5) } # switch %{&control:User-NAS-Vendor} = noop

Mikrotik-Rate-Limit is equal to the calculated value so no need to call a CoA update.

But for Hotspot, Mikrotik-Rate-Limit is never in Accounting Request, so a CoA update is made in every interim update:

(25) if (!&Mikrotik-Rate-Limit || &control:User-Rate != &Mikrotik-Rate-Limit) {
(25) if (!&Mikrotik-Rate-Limit || &control:User-Rate != &Mikrotik-Rate-Limit) -> TRUE
(25) if (!&Mikrotik-Rate-Limit || &control:User-Rate != &Mikrotik-Rate-Limit) {
(25) update coa {
(25) EXPAND %{User-Name}
(25) --> test@southnet
(25) &User-Name = test@southnet
(25) EXPAND %{Framed-IP-Address}
(25) --> 10.5.50.254
(25) &Framed-IP-Address = 10.5.50.254
(25) &Mikrotik-Rate-Limit := &control:User-Rate -> '2048k/16384k'

Is there a way to configure Mikrotik to send Mikrotik-Rate-Limit in accounting requests?

Who is online

Users browsing this forum: jebz and 114 guests