bandwidth allocation from Mikrotik

ravin · Sat Mar 24, 2007 8:34 am

I want to give 1 Mbps dedicated connection to one of our clients from mikrotik without any authentication. How can I go about it ?

thanx

ashisheitl · Sat Mar 24, 2007 8:58 am

/queue simple
add name=customer target address=X.X.X.X/X limit at 1024000/1024000 max limit = 1050000/1050000

Set the priority=1

ravin · Sat Mar 24, 2007 2:46 pm

thanks for ur prompt reply.

have added that queue. but can't access net. Some firewal settings hv to be done I suppose.

mneumark · Sun Mar 25, 2007 8:12 am

Ravin,

If your clients are using the ip address of the router you will need to masquerade your public ip address. This site will help you if this is the situation http://www.mikrotik.com/testdocs/ros/2.9/ip/nat.php

abab_rafiq · Sun Mar 25, 2007 1:40 pm

thanks for ur prompt reply.

have added that queue. but can't access net. Some firewal settings hv to be done I suppose.

May be at your forward chain that IP is blocked allow that IP as

[admin@server] >ip firewall filter> add chain=forward src-address=X.X.X.X action=accept

BEFORE YOU DROP RULE !!!

Rafiq...

ravin · Mon Mar 26, 2007 12:09 pm

It's working now.

New problem is that anyone can put any IP address from above pool and Gateway as 10.1.1.1 (ip address of local interface), DNS settings and he can surf the net without authentication.

Why this is happening ? This way my entire bandwidth will be used by bad users.

Mon Mar 26, 2007 12:19 pm

do you use wireless or ethernet? in case of wireless you can use security and access lists, in case of ethernet, make sure noone has access to your switches and use ip/mac binding.

chiefbmr · Tue Mar 27, 2007 3:52 am

You could also add another queue and set limit to like 10K for the entire interface and put at the bottom of the queue list. That way all other IPs not listed would have only 10k of bandwidth. But you would still have to worry about them guessing an IP that has a higher queue which would cause IP conflicts. So the IP/MAC binding metioned before would work better.

ravin · Tue Mar 27, 2007 8:29 am

I'm using wireless and ethernet both. but for giving dedicated line its on ethernet. as you mentioned I can block access to switches and ip/mac binding, can you give me an example/or explain how can I do it. coz while creating queue there is no option of entering mac.

pedja · Tue Mar 27, 2007 9:28 am

Check manual about ARP list.

Pay attention that some AP clients block MAC information so ARP binding cannot work.