Hi,
I am using mikrotik hotspot gateway and th users are getting authenticated throw hotspot and getting ip addres throw dhcp. I have tried to limit their bandwidth but there is something wrong becouse they can still bypass the queie. When I add a hotspot user I put 65536 for 64 kbps limit and when I check in the firewall mangle I see that automaticlly hospot creates rules for the users and there is src adress of that user. I have tried with dst adress but it still doesnt work. Anyone that can answer my to my question please I would be very gratefull
Re: Need urgent help - Can't limit hotspot users
I guess you're trying to implement queue trees on a unit serving hotspot. Queue trees requires that packets be marked in mangle, each queue matched to a flow. Mikrotik hotspot uses mangle to identify authenticated users, based on src-addr and marked with 'hs-auth'. YOu will notice the dynamic mangle entries added after each user login. The Dynamic rules automatically are placed above whatever static you have and since the OS treats line line, yours will be disregarded making it difficult to create your flows. Your best shot is to use simple queues instead of queue trees.Hi,
I am using mikrotik hotspot gateway and th users are getting authenticated throw hotspot and getting ip addres throw dhcp. I have tried to limit their bandwidth but there is something wrong becouse they can still bypass the queie. When I add a hotspot user I put 65536 for 64 kbps limit and when I check in the firewall mangle I see that automaticlly hospot creates rules for the users and there is src adress of that user. I have tried with dst adress but it still doesnt work. Anyone that can answer my to my question please I would be very gratefull
Create your simple queues manually or assign by radius server.
Sonny.
No I did not add any queie manually in the queie section. I'm just adding a user in hotspot section and I chose a profile that I have made with a 64kbps limit. When a user is online I check in the Firewall mangle it looks that a user is limited on 64kbps but there is no dst adress only src adress. Users get's ip adresses from Mikrotik dhcp server and allso hotspot is build up on Mikrotik
When u set the bandwidth the hotspot profile, a simple queue entry is dynamically added. Check the simple queue when a user is connected (in winbox for example). You should have an antry added while user is online.No I did not add any queie manually in the queie section. I'm just adding a user in hotspot section and I chose a profile that I have made with a 64kbps limit. When a user is online I check in the Firewall mangle it looks that a user is limited on 64kbps but there is no dst adress only src adress. Users get's ip adresses from Mikrotik dhcp server and allso hotspot is build up on Mikrotik
There will also be a passthrough entry in mangle for the authenticated user. But will be deleted by the system when user logs off.
Sonny
In the simple queie list where all users are shown the bps doesnt change but when I double click on a user and see tha statistics it looks like this:
rates (tx/rx) 0 Bps
bytes (tx/rx) 0
packets (tx/rx) 0
total rate: 146 kbps (example)
total byte: 8795456 (example)
total packets: 39535 (example)
In the simple queie list where all users are shown the bps doesnt change but when I double click on a user and see tha statistics it looks like this:
rates (tx/rx) 0 Bps
bytes (tx/rx) 0
packets (tx/rx) 0
total rate: 146 kbps (example)
total byte: 8795456 (example)
total packets: 39535 (example)
Hello Valony,
I need more info on your setup. What's ur router OS version? Also send me the output of the following either telnet or terminal of winbox (preferably while a user is logged on):
>/ip hotspot profile print
>/queue simple print
Let's see the output... we can then take this further.
sonny.
I need more info on your setup. What's ur router OS version? Also send me the output of the following either telnet or terminal of winbox (preferably while a user is logged on):
>/ip hotspot profile print
>/queue simple print
Let's see the output... we can then take this further.
sonny.
Router Os version is 2.8.23
Here are the prints of both hotspot profiles and simple queues:
0 * name="default" shared-users=1 mark-flow="hs-auth"
login-method=enabled-address keepalive-timeout=2m
1 name="64-limit" shared-users=1 tx-bit-rate=65536 rx-bit-rate=65536
mark-flow="hs-auth" login-method=enabled-address keepalive-timeout=2m
2 name="32-limit" shared-users=1 tx-bit-rate=32768 rx-bit-rate=32768
mark-flow="hs-auth" login-method=enabled-address keepalive-timeout=2m
-------------------------------------------------------------------------------------
0 D name="<hotspot-Shkumbin_Ferizi>" target-address=192.168.0.2/32
dst-address=0.0.0.0/0 interface=all queue=default priority=8
limit-at=0/0 max-limit=65536/65536
1 D name="<hotspot-Basri_Breznica>" target-address=192.168.0.31/32
dst-address=0.0.0.0/0 interface=all queue=default priority=8
limit-at=0/0 max-limit=65536/65536
Here are the prints of both hotspot profiles and simple queues:
0 * name="default" shared-users=1 mark-flow="hs-auth"
login-method=enabled-address keepalive-timeout=2m
1 name="64-limit" shared-users=1 tx-bit-rate=65536 rx-bit-rate=65536
mark-flow="hs-auth" login-method=enabled-address keepalive-timeout=2m
2 name="32-limit" shared-users=1 tx-bit-rate=32768 rx-bit-rate=32768
mark-flow="hs-auth" login-method=enabled-address keepalive-timeout=2m
-------------------------------------------------------------------------------------
0 D name="<hotspot-Shkumbin_Ferizi>" target-address=192.168.0.2/32
dst-address=0.0.0.0/0 interface=all queue=default priority=8
limit-at=0/0 max-limit=65536/65536
1 D name="<hotspot-Basri_Breznica>" target-address=192.168.0.31/32
dst-address=0.0.0.0/0 interface=all queue=default priority=8
limit-at=0/0 max-limit=65536/65536
Your config looks ok and I really cannot see a problem. Sure you don't have entries in Queue trees that might cause this? Do not create any rule in queue tree matching flow "hs-auth". Also ensure u don't have static mangle rules that might interfere with hotspot. If you're sure of this, trying testing the simple queue independent of the hotspot system by moving all users to the default profile that has no restriction. Create a binding in dhcp to a clients mac (or simple put static on client pc), then setup a simple queue to this static ip address. Assuming for 192.168.0.3/32 create a simple queue and test.
>/queue simple add name=test target-address=192.168.0.3/32 max-limit=65536/65536
>/queue simple add name=test target-address=192.168.0.3/32 max-limit=65536/65536
Who is online
Users browsing this forum: 4l4R1, jason9456402 and 80 guests