RedShift
just joined
Topic Author
Posts: 3
Joined: Thu Aug 18, 2005 6:04 pm

Traffic account on a per MAC-address basis

Thu Aug 18, 2005 6:08 pm

Hello,

Is the following scenario possible with the RouterOS software:

Router functions that keep traffic logs on a MAC-address basis. Each
MAC-address is able to use an absolute volume of 4 GB per month. After
his limit is reached he is either denied access to outside networks (the
internet) or traffic is shaped so he is only able to reach speeds of 16
kbps or something similar. Of course, when the new month starts, the MAC
address has no more limitations until he reaches his 4 GB limit again.

Of course, if means other than MAC addresses are available, I'm open to them. The last thing I would like to resort to is the IP address. It's easily changed. But maybe there is an option somewhere to deny access to IP addresses that weren't handed out by the DHCP server.

The setup is a basic router that's connected to the internet, and a local interface which, ironically, connects to the local network.

Thanks for your assistance,

Best Regards,

Glenn
 
rikerconsulting
just joined
Posts: 21
Joined: Sat Apr 30, 2005 12:11 am
Contact:

Fri Aug 19, 2005 3:56 am

Are you opposed to using RADIUS?

~ Jason
 
nikhil
Member Candidate
Posts: 262
Joined: Wed Dec 22, 2004 5:04 pm
Location: US

Fri Aug 19, 2005 4:43 am

How would this be done using RADIUS, provided that the client (MAC address) need not log in? How would we use it for servers whose bandwidth we want to restrict/monitor on kbps or data transfer?
 
rikerconsulting
just joined
Posts: 21
Joined: Sat Apr 30, 2005 12:11 am
Contact:

Fri Aug 19, 2005 5:59 am

I was thinking use the MAC address for the Hotspot login. Just my initial thinking.

~ Jason
 
nikhil
Member Candidate
Posts: 262
Joined: Wed Dec 22, 2004 5:04 pm
Location: US

Fri Aug 19, 2005 7:44 am

Is it possible to do this for a set of servers? For example, in a colocation environment.
 
RedShift
just joined
Topic Author
Posts: 3
Joined: Thu Aug 18, 2005 6:04 pm

Fri Aug 19, 2005 9:14 am

Please tell me how. There's no wireless involved, both sides are just regular ethernet, nor do I use a RADIUS server. The setup is that my parents have a place where students stay for the school year (I don't know what it's called in English. It's a dorm but not on a campus, we have a house with x rooms where the students rent them for a cheap price), and of course they want internet. But we want to limit their usage, so they can't use up all of the traffic, because the line itself has a monthly usage limit.

I've already started experimenting with some firewall rules and scripts I found here lying around in the forum. These are not MAC-based however (on IP-address), and far from automatic. The ideal situation would be for every MAC address the same, but now I have to add a firewall rule for every IP address the server hands out, + if the user sets a static IP it's easily countered. And I also need a solution where the user can view his traffic...
 
wildbill442
Forum Guru
Posts: 1055
Joined: Wed Dec 08, 2004 7:29 am
Location: Sacramento, CA

Fri Aug 19, 2005 9:23 am

What about using PPPoE or PPTP for authentication? Then you could use a RADIUS setup and limit bandwidth that way and add another layer of authentication/security to the network...
 
RedShift
just joined
Topic Author
Posts: 3
Joined: Thu Aug 18, 2005 6:04 pm

Fri Aug 19, 2005 9:32 am

> What about using PPPoE or PPTP for authentication? Then you could use a RADIUS setup and limit bandwidth that way and add another layer of authentication/security to the network...

I'm not going to install two computers so I would just have a RADIUS server! These things cost money, the limit is one computer.
 
nikhil
Member Candidate
Posts: 262
Joined: Wed Dec 22, 2004 5:04 pm
Location: US

Fri Aug 19, 2005 10:21 am

I would like to know how to do MAC-based even if I have to set up a separate RADIUS machine. I don't mind doing RADIUS in a Linux/BSD VMware box.

That's one way to go and get RADIUS without an additional machine.
 
wildbill442
Forum Guru
Posts: 1055
Joined: Wed Dec 08, 2004 7:29 am
Location: Sacramento, CA

Fri Aug 19, 2005 1:40 pm

> > What about using PPPoE or PPTP for authentication? Then you could use a RADIUS setup and limit bandwidth that way and add another layer of authentication/security to the network...
>
> I'm not going to install two computers so I would just have a RADIUS server! These things cost money, the limit is one computer.

Sorry, someone mentioned RADIUS so I just took off with it... but you could do it all on 1 MikroTik box without a separate RADIUS server.
 
wildbill442
Forum Guru
Posts: 1055
Joined: Wed Dec 08, 2004 7:29 am
Location: Sacramento, CA

Fri Aug 19, 2005 1:44 pm

> I would like to know how to do MAC-based even if I have to set up a separate RADIUS machine. I don't mind doing RADIUS in a Linux/BSD VMware box.
>
> That's one way to go and get RADIUS without an additional machine.

Well, without using RADIUS you could set up the local interface with the ARP setting set to "reply-only" and build a static ARP entry for your users; the users will always get the same IP address, and you could set up simple queues and bandwidth limit based on IP address.

That way any "unauthorized" users would have to know the IP address and MAC address of a user in order to gain access to the network.
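
The setup described in the last post, sketched as RouterOS configuration. This is an added example, not part of the thread: the interface name `ether2`, the 192.168.88.0/24 addresses, the MAC addresses and the queue names are constructed, the router is assumed to already hold 192.168.88.1/24 on `ether2`, and the syntax is that of current RouterOS, which may differ from the 2005-era release.

```routeros
# Added example; ether2, addresses, MACs and names are assumptions (constructed values).

# 1. The LAN interface only answers ARP for entries present in the router's ARP table,
#    so a host using an IP/MAC pair that is not listed gets no replies from the router.
/interface ethernet set ether2 arp=reply-only

# 2. One static ARP entry per room binds each IP address to one MAC address.
/ip arp add interface=ether2 address=192.168.88.11 mac-address=02:00:00:00:00:11 comment=room1
/ip arp add interface=ether2 address=192.168.88.12 mac-address=02:00:00:00:00:12 comment=room2

# 3. DHCP serves only clients with a static lease, so each MAC always gets the same IP.
/ip dhcp-server add name=lan-dhcp interface=ether2 address-pool=static-only disabled=no
/ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1
/ip dhcp-server lease add address=192.168.88.11 mac-address=02:00:00:00:00:11 comment=room1
/ip dhcp-server lease add address=192.168.88.12 mac-address=02:00:00:00:00:12 comment=room2

# 4. One simple queue per room, keyed on the bound IP address (upload/download limits).
/queue simple add name=room1 target=192.168.88.11/32 max-limit=2M/2M
/queue simple add name=room2 target=192.168.88.12/32 max-limit=2M/2M

# 5. When a room has used its monthly volume, drop its queue to the throttled rate ...
/queue simple set [find name=room1] max-limit=16k/16k

# ... and restore it at the start of the next month.
/queue simple set [find name=room1] max-limit=2M/2M
```

Each simple queue keeps its own byte counters, which is what ties usage to a room here. The binding is to the IP/MAC pair, so accounting is only as trustworthy as that pair: a host that presents another room's pair is counted as that room.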
