MikroTik

Community discussions
https://forum.mikrotik.com/

Marking Unauthenticated traffic in a Hotspot

https://forum.mikrotik.com/viewtopic.php?t=86260

Page 1 of 1

Marking Unauthenticated traffic in a Hotspot

Posted: Sat Jun 21, 2014 10:04 am
by netboyzin
Is there any way to distinguish Unauthenticated traffic in a hotspot ?

Abhishek

Re: Marking Unauthenticated traffic in a Hotspot

Posted: Sat Jun 21, 2014 11:38 pm
by Kreacher
Is there any way to distinguish Unauthenticated traffic in a hotspot ?

Abhishek
Can you please come a little bit more closer or clear about what you are talking?

Re: Marking Unauthenticated traffic in a Hotspot

Posted: Tue Jun 24, 2014 8:47 am
by netboyzin
Hi
Trying to describe it.

I am running a hotspot . The external AAA is supplying Mikrotik-Group Attribute by which I am creating dynamic address-lists on which we are making different treatment in the Hotspot. The basic code is as follows for one Package-
Code: Select all

Hotspot User Profile -> BZKGROUP ( Mikrotik-Group Attribute Supplied by the AAA )  -> BZK ( Address List )
/ip firewall mangle 
add chain=prerouting dst-address-list=BZK  action=mark-connection new-connection-mark=BZKNORMALDOWN passthrough=yes 

add chain=prerouting action=mark-packet new-packet-mark=BZK_NORMAL_DOWN connection-mark=BZKNORMALDOWN passthrough=no

add chain=prerouting  src-address-list=BZK action=mark-connection new-connection-mark=BZKNORMALUP passthrough=yes 

add chain=prerouting action=mark-packet new-packet-mark=BZK_NORMAL_UP connection-mark=BZKNORMALUP passthrough=no

/queue type

add kind=pcq pcq-classifier=dst-address pcq-rate=1M 	name=PCQ_BZK_NORMAL_DOWN
add kind=pcq pcq-classifier=src-address pcq-rate=1M 	name=PCQ_BZK_NORMAL_UP

/queue tree
add name=TOTAL_DOWNLOAD parent=ether2 max-limit=1024M
add name=BZK_NORMAL_DOWNLOAD parent=TOTAL_DOWNLOAD packet-mark=BZK_NORMAL_DOWN queue=PCQ_BZK_NORMAL_DOWN

add name=TOTAL_UPLOAD parent=ether1 max-limit=1024M
add name=BZK_NORMAL_UPLOAD parent=TOTAL_UPLOAD packet-mark=BZK_NORMAL_UP queue=PCQ_BZK_NORMAL_UP
There are more or less thirty of these packages.

In my case download traffic is getting perfectly restricted by the above rule, but I could not account for the upload traffic. The traffic shown in the Upload Queue tree is much much less than what is shown in the Interface Upload .
I am not sure if there is any wrong in the above code , that is why I was asking if there is any way to measure unauthenticated traffic in the hotspot , since if authenticated traffic is not Uploading so much traffic maybe there is some chance for the unauthenticated traffic to do the leakage.

Any help is welcome.

Abhishek

Re: Marking Unauthenticated traffic in a Hotspot

Posted: Sat Nov 14, 2015 5:08 pm
by mo1seev
Hello! You managed to find a solution to the problem?
All times are UTC+02:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/