MikroTik

Hi,

I am using mikrotik hotspot gateway and th users are getting authenticated throw hotspot and getting ip addres throw dhcp. I have tried to limit their bandwidth but there is something wrong becouse they can still bypass the queie. When I add a hotspot user I put 65536 for 64 kbps limit and when I check in the firewall mangle I see that automaticlly hospot creates rules for the users and there is src adress of that user. I have tried with dst adress but it still doesnt work. Anyone that can answer my to my question please I would be very gratefull

Hi,

I am using mikrotik hotspot gateway and th users are getting authenticated throw hotspot and getting ip addres throw dhcp. I have tried to limit their bandwidth but there is something wrong becouse they can still bypass the queie. When I add a hotspot user I put 65536 for 64 kbps limit and when I check in the firewall mangle I see that automaticlly hospot creates rules for the users and there is src adress of that user. I have tried with dst adress but it still doesnt work. Anyone that can answer my to my question please I would be very gratefull

I guess you're trying to implement queue trees on a unit serving hotspot. Queue trees requires that packets be marked in mangle, each queue matched to a flow. Mikrotik hotspot uses mangle to identify authenticated users, based on src-addr and marked with 'hs-auth'. YOu will notice the dynamic mangle entries added after each user login. The Dynamic rules automatically are placed above whatever static you have and since the OS treats line line, yours will be disregarded making it difficult to create your flows. Your best shot is to use simple queues instead of queue trees.

Create your simple queues manually or assign by radius server.

Sonny.

No I did not add any queie manually in the queie section. I'm just adding a user in hotspot section and I chose a profile that I have made with a 64kbps limit. When a user is online I check in the Firewall mangle it looks that a user is limited on 64kbps but there is no dst adress only src adress. Users get's ip adresses from Mikrotik dhcp server and allso hotspot is build up on Mikrotik

No I did not add any queie manually in the queie section. I'm just adding a user in hotspot section and I chose a profile that I have made with a 64kbps limit. When a user is online I check in the Firewall mangle it looks that a user is limited on 64kbps but there is no dst adress only src adress. Users get's ip adresses from Mikrotik dhcp server and allso hotspot is build up on Mikrotik

When u set the bandwidth the hotspot profile, a simple queue entry is dynamically added. Check the simple queue when a user is connected (in winbox for example). You should have an antry added while user is online.
There will also be a passthrough entry in mangle for the authenticated user. But will be deleted by the system when user logs off.

Yes goldclick you are right and it looks like this when user is online:

name: <hotspot-johnsmith>

target adress: 192.168.0.11/32

Dst adress: 0.0.0.0/0

Interface: All

Limit at: 0/0

Max limit: 65536/65536

Bps: 0 bps/0 bps

great! if the bps is changing, then the system is managing bandwidth. You might consider using radius for hotspot authentication... you will better be able to specify different rates for download and upload.

Sonny.

Hi sonny,

bps is not changing at all. To use radius if it's about using different tx and rx rate that is no problem becouse I dont need that right now

Valony,

It's strange that bps is not changing. is this setup on ver 2.8 or 2.9beta?

Sonny.

Sonny

In the simple queie list where all users are shown the bps doesnt change but when I double click on a user and see tha statistics it looks like this:

rates (tx/rx) 0 Bps

bytes (tx/rx) 0

packets (tx/rx) 0


total rate: 146 kbps (example)

total byte: 8795456 (example)

total packets: 39535 (example)

Hello Valony,

I need more info on your setup. What's ur router OS version? Also send me the output of the following either telnet or terminal of winbox (preferably while a user is logged on):

>/ip hotspot profile print
>/queue simple print

Let's see the output... we can then take this further.

sonny.

Router Os version is 2.8.23

Here are the prints of both hotspot profiles and simple queues:


0 * name="default" shared-users=1 mark-flow="hs-auth"
login-method=enabled-address keepalive-timeout=2m

1 name="64-limit" shared-users=1 tx-bit-rate=65536 rx-bit-rate=65536
mark-flow="hs-auth" login-method=enabled-address keepalive-timeout=2m

2 name="32-limit" shared-users=1 tx-bit-rate=32768 rx-bit-rate=32768
mark-flow="hs-auth" login-method=enabled-address keepalive-timeout=2m

-------------------------------------------------------------------------------------


0 D name="<hotspot-Shkumbin_Ferizi>" target-address=192.168.0.2/32
dst-address=0.0.0.0/0 interface=all queue=default priority=8
limit-at=0/0 max-limit=65536/65536

1 D name="<hotspot-Basri_Breznica>" target-address=192.168.0.31/32
dst-address=0.0.0.0/0 interface=all queue=default priority=8
limit-at=0/0 max-limit=65536/65536

Your config looks ok and I really cannot see a problem. Sure you don't have entries in Queue trees that might cause this? Do not create any rule in queue tree matching flow "hs-auth". Also ensure u don't have static mangle rules that might interfere with hotspot. If you're sure of this, trying testing the simple queue independent of the hotspot system by moving all users to the default profile that has no restriction. Create a binding in dhcp to a clients mac (or simple put static on client pc), then setup a simple queue to this static ip address. Assuming for 192.168.0.3/32 create a simple queue and test.

>/queue simple add name=test target-address=192.168.0.3/32 max-limit=65536/65536

Hi Goldclick

I found the way how to do it but it is boring becouse I have to do it manually for every user.
In the target adress I put 0.0.0.0/0 and the dst adress must contain the adress of the user and all this has to be done manually in the simple queue and this works fine.