Is there any way to distinguish Unauthenticated traffic in a hotspot ?
Abhishek
Re: Marking Unauthenticated traffic in a Hotspot
Can you please come a little bit more closer or clear about what you are talking?Is there any way to distinguish Unauthenticated traffic in a hotspot ?
Abhishek
Re: Marking Unauthenticated traffic in a Hotspot
Hi
Trying to describe it.
I am running a hotspot . The external AAA is supplying Mikrotik-Group Attribute by which I am creating dynamic address-lists on which we are making different treatment in the Hotspot. The basic code is as follows for one Package-
There are more or less thirty of these packages.
In my case download traffic is getting perfectly restricted by the above rule, but I could not account for the upload traffic. The traffic shown in the Upload Queue tree is much much less than what is shown in the Interface Upload .
I am not sure if there is any wrong in the above code , that is why I was asking if there is any way to measure unauthenticated traffic in the hotspot , since if authenticated traffic is not Uploading so much traffic maybe there is some chance for the unauthenticated traffic to do the leakage.
Any help is welcome.
Abhishek
Trying to describe it.
I am running a hotspot . The external AAA is supplying Mikrotik-Group Attribute by which I am creating dynamic address-lists on which we are making different treatment in the Hotspot. The basic code is as follows for one Package-
Code: Select all
Hotspot User Profile -> BZKGROUP ( Mikrotik-Group Attribute Supplied by the AAA ) -> BZK ( Address List )
/ip firewall mangle
add chain=prerouting dst-address-list=BZK action=mark-connection new-connection-mark=BZKNORMALDOWN passthrough=yes
add chain=prerouting action=mark-packet new-packet-mark=BZK_NORMAL_DOWN connection-mark=BZKNORMALDOWN passthrough=no
add chain=prerouting src-address-list=BZK action=mark-connection new-connection-mark=BZKNORMALUP passthrough=yes
add chain=prerouting action=mark-packet new-packet-mark=BZK_NORMAL_UP connection-mark=BZKNORMALUP passthrough=no
/queue type
add kind=pcq pcq-classifier=dst-address pcq-rate=1M name=PCQ_BZK_NORMAL_DOWN
add kind=pcq pcq-classifier=src-address pcq-rate=1M name=PCQ_BZK_NORMAL_UP
/queue tree
add name=TOTAL_DOWNLOAD parent=ether2 max-limit=1024M
add name=BZK_NORMAL_DOWNLOAD parent=TOTAL_DOWNLOAD packet-mark=BZK_NORMAL_DOWN queue=PCQ_BZK_NORMAL_DOWN
add name=TOTAL_UPLOAD parent=ether1 max-limit=1024M
add name=BZK_NORMAL_UPLOAD parent=TOTAL_UPLOAD packet-mark=BZK_NORMAL_UP queue=PCQ_BZK_NORMAL_UP
In my case download traffic is getting perfectly restricted by the above rule, but I could not account for the upload traffic. The traffic shown in the Upload Queue tree is much much less than what is shown in the Interface Upload .
I am not sure if there is any wrong in the above code , that is why I was asking if there is any way to measure unauthenticated traffic in the hotspot , since if authenticated traffic is not Uploading so much traffic maybe there is some chance for the unauthenticated traffic to do the leakage.
Any help is welcome.
Abhishek
Re: Marking Unauthenticated traffic in a Hotspot
Hello! You managed to find a solution to the problem?