Can anyone tell me how to setup Radius to limit customers on a Mikrotik hotspot, to a specified maximum period of time (ie, 5 minutes, 1 hour or 10 hours)?

We are using freeradius and have been unable to find a method to notify the mikrotik hotspot that the customer is limited to 5 minutes instead of whatever their max session time is.

We want to sell time to customers in minutes, hours, etc. Or give free 5-15 minutes upon registration, then require the customer to pay for additional time in minutes, hours, days or months.

Also, can anyone tell us how to disconnect a hotspot user via radius, without logging into the remote hotspot. We have about 50 hotspots going into deployment and all spread over a large area. We need a fast way to disconnect a user if they 1) haven't paid their bill, 2) have a virus and 3) are spamming, 4) should be disconnected for any other reason that we choose.

I suspect to limit the customer maximum uptime, we simply need to set a proper dictionary name/variable, but we've been unable to locate the proper syntax.

Thanks,
贾德

maximum uptime is a bit tricky. please think of it: router must not remember any information about radius users between sessions, and router is not able to modify radius datbase, so scripts on the radius server itself must be implemented to decrease the session timeout each time user logs out. radius server is also abe to disconnect any client in any given time if incoming radius protocol is enabled in the router ("/radius incoming" menu).

Can you point me to any Freeradius mods that will allow us to set a max monthly limit?

We used to use ICradius, but its now very out of date. ICradius used to support a max-monthly-limit in minutes, which would do exactly as you describe, it would automatically change the max-session-time to match whatever the remaining time is left in the max-monthly-limit, if max-monthly-limit <= max-session time.

Can you explain the incoming radius server configuration with Freeradius and Mikrotik? I understand what your saying, but I have no idea where to begin to configure Freeradius to disconnect users by logging into the MT incoming radius server.

Can we simply send a command to the MT incoming radius? What name/value pairs are accepted? What protocol is used to connect? Is the incoming radius simply an MT internal radius server?

Thanks,
贾德[/quote]

The feature is calles RADIUS CoA (Change-of-Authorization) and is described in RFC3576.

I've just finished a similar solution based on RouterOS, RADIATOR Radius and MS SQL server.

For each user in the database they have a maximum uptime column which records their proposed uptime in seconds. When they begin a session I set the timeout value to match this uptime. When they logout there is a trigger on the accounting table which decrements the uptime in the users table depending on how long their session lasted. The result being their uptime reduces after each session.

Using Triggers on interim accounting messages it's also possible to warn the user when they are approaching their disconnect limit (either on data or time limit).