Page 1 of 1

Radius & max-limit + bug (probably)

Posted: Wed May 25, 2005 8:24 pm
by dusan
Hello,

How to provide max-limit parameter to simple queues using radius? If I use rate-limit attribute, I can set limit-at, burst time, threshold and time. Why not max-limit?

And additionally I made a bug, if I send this setting as attribute rate-limit from radius (hoping it could be working):

64k/128k 192k/192k 256k/256k 128k/128k 10/10

I got disconnected with error "pppoe,ppp,info <pppoe-ohk@kokikoki-195>: terminating... - could not add queue: no in-burst-time (6)".

After this action I'm not able to connect anymore, even if I correct the setting right to (was working previously):

64k/64k 256k/256k 128k/128k 10/10

with error: "pppoe,ppp,error could not add queue: already have such name (6)"

Until I reboot router, I'm unable to connect using pppoe.
Using 2.9rc4 on Routerboard500.

Other Radius/PPP issues

Posted: Thu May 26, 2005 5:57 pm
by dsovereen
We have found other RADIUS-related issues.

Port-Limit, which is used to identify how many times a user can log in, is ignored and overrides the system setting. We have One Login set to Yes in the PPP Profile. And in the RADIUS reply, we also say Port-Limit = 1. This way, if a Mikrotik is misconfigured and doesn't have One Login = Yes in the PPP Profile, they will be limited to one session anyway.

After upgrading from 2.8.27 to 2.9rc4, users began being able to log in multiple times. One user logged in literally hundreds of times (not certain why, obviously was there only once but had lots of old, lagging sessions showing up). These sessions used up all available IPs from the IP Pool.

Another bug: deleting the PPPoE sessions doesn't free up the IPs from the IP Pool. The only way to free them is to reboot Mikrotik.

I've reported these to support and hope they come out with a fix soon.

Dave

Re: Other Radius/PPP issues

Posted: Fri May 27, 2005 9:07 am
by normis
We have found other RADIUS-related issues.
Port-Limit, which is used to identify how many times a user
router os has never supported port limit. it is simply ignoring it
One Login = Yes in the PPP Profile
only works for local users, not for radius users. from the manual: only-one parameter is ignored if RADIUS authentication is used