MikroTik

Hi

Is there any way to deny the Mikrotik-Rate-Limit Attribute supplied by an external AAA Server , in an Hotspot ?

The hotspot tends to create a simple queue by receiving this attribute , it should drop this attribute supplied by the external AAA. The external AAA is also generating Mikrotik-Group Attribute which will be received by the Hotspot instead.

Any help is welcome.

Abhishek

Assuming you have control of the AAA server, the simplest thing to do is modify its query or underlying data so that it does not return the MikroTik-Rate-Limit attribute.

If necessary, you can get into RADIUS virtual servers and using the realm option on your MikroTik unit to indicate which RADIUS server should process the request (so that you can have certain requests return the MikroTik-Rate-Limit attribute, but not hotspot requests). We do that with our FreeRADIUS backend, so that hotspot requests and dhcp requests get slightly different responses back for the same user.

Thanks for your reply.

We have a number of Mikrotik hotspots running , some of them are getting Mikrotik-Rate-Limit attribute which results in creation of simple queues corresponding to the authenticated subscriber , whereas some of the other hotspots running using PCQs ( rather, should run using PCQs ) . These PCQs are created using Mikrotik-Group Attribute again supplied by the Radius Server. These Mikrotik-Rate-Limit and Mikrotik-Group VSA is added to the same service profile in AAA. What we exactly want is , the Hotspots which should run using PCQs should not receive the Mikrotik-Rate-Limit Attribute from the AAA at all.

Or to put the matter differently, whatever be the attributes received by the hotspots, is there any way to stop formation of Simple Queues when a user is logged in the hotspot?

As of realms, I am checking with my AAA vendor if they can handle it.

Abhishek

If you are looking to have it happen on the router, write a script that will periodically delete all simple queues, or all simple queues that are dynamic.

Otherwise, you should be able to have a different profile in your Radius server for a location, and have different attributes assigned to it, such that the specific profile doesn't have the rate-limit attribute, so it doesn't return that with an access-accept.

what will be the script to delete simple queue with the name <hotspot-******> ???

/queue simple remove [find where (dynamic=yes && name~"hotspot")];

Wow, all the script on one row...

Thanks Mate !!!

My Code ::

/queue simple remove [find name~"<hotspot-"]

Abhishek

Thanks Mate !!!

My Code ::

/queue simple remove [find name~"<hotspot-"]

Abhishek

Use full syntax is smater than use compact and possible not supported on the future:

/queue simple remove [find where name~"<hotspot-")];

and this
dynamic=yes
are added to remove only dynamic created rules.