Radius client and Bandwidth limiting
Can I limit bandwidth by the MAC address, using the radius client to to interface with a billing server, but without having to use PPPoE. That way the a specific radio would be set to the bandwidth limit without the customer having to log in. I would like to have the bandwidth limiting done at the mikrotik router that will be at the POP.
You can what you described with HotSpot MAC Authentication.
1. Enable Login by MAC and RADIUS Authentication.
2. Enter the CLient's MAC Address in the RADIUS/Billing Server.
They should be loged in if their MAC Address is Authorised by the RADIUS/Billing Server, otherwise the'll be presented with the HotSpot Login Page.
1. Enable Login by MAC and RADIUS Authentication.
2. Enter the CLient's MAC Address in the RADIUS/Billing Server.
They should be loged in if their MAC Address is Authorised by the RADIUS/Billing Server, otherwise the'll be presented with the HotSpot Login Page.
By using the login by mac address method, does that mean that the customer does not have to type in any passwords or user names ? Also, is there a way to not allow them access at all, instead of sending them to a login page. I'm basicly trying to create a solution that does not require the customer to do anything other than use the radio that was installed on their house. I would like to have a solution that will handle bandwith management in a way similar to canopy BAM or PowerNOC's BMU. I want to have a transparent bandwidth control device between my connection and netowrk.
The hotspot is what was suggested to me. I'm looking to have a transparent bandwidth controler that would interface with billing software (that has a radius server) without having to pay thousands of dollars. I would much rather pay $95 for L5 RouterOS. If i dont have to use the hotspot to get bandwidth control by MAC, that would be great. 
-
-
wildbill442
Forum Guru
- Posts: 1055
- Joined:
- Location: Sacramento, CA
I'm looking into this as well. I want to limit bandwidth at each POP via MAC address, I use DHCP on the network so limiting via IP address is not a viable solution. I was looking into the RADIUS client features in mikrotik. If I used RADIUS to authenticate wireless users and also set the RADIUS server to pass rate limiting information, does this create simple queues on the local MT box?
(Reference: http://www.mikrotik.com/docs/ros/2.9/guide/aaa_radius)
(Reference: http://www.mikrotik.com/docs/ros/2.9/guide/aaa_radius)
It should acording to this: http://www.mikrotik.com/docs/ros/2.9/ip/dhcp. See Rate-Limit under DHCP Server Setup.
wildbill442, Yeah, it creates simple queues for it.
We're currently running an RB532 box at a tower site that's doing exactly this. We took it a step further by setting ARP on the wireless interface to reply-only, and then in the DHCP server, checked off Add ARP entry. (Then for customer CPE's, we have those sitting on private static IPs with static ARP entries for them in the RB532.)
This does several things for us. First, it gives us an on/off switch for customers. Secondly, it makes the network a little more secure by only allowing certain MACs; makes it more difficult for a non-customer to put up an antenna and get free internet access (should they know where to point it and what our IP addresses are). Third, it allows us to do bandwidth throttling by MAC, and give customers a public dynamic IP.
We're currently running an RB532 box at a tower site that's doing exactly this. We took it a step further by setting ARP on the wireless interface to reply-only, and then in the DHCP server, checked off Add ARP entry. (Then for customer CPE's, we have those sitting on private static IPs with static ARP entries for them in the RB532.)
This does several things for us. First, it gives us an on/off switch for customers. Secondly, it makes the network a little more secure by only allowing certain MACs; makes it more difficult for a non-customer to put up an antenna and get free internet access (should they know where to point it and what our IP addresses are). Third, it allows us to do bandwidth throttling by MAC, and give customers a public dynamic IP.
RADIUS only sends its' reply parameters (which include the bandwidth limiting settings) after a successful authentication, i.e. at the beginning of a session.
So to have new RADIUS settings get into effect, you have to wait for you customer to end his connection and login again. Or, you could terminate his connection and force him to re-login (depending on how urgent your changes are...).
Best regards,
Christian Meis
So to have new RADIUS settings get into effect, you have to wait for you customer to end his connection and login again. Or, you could terminate his connection and force him to re-login (depending on how urgent your changes are...).
Best regards,
Christian Meis
Only in CLI.