Mikrotik's hotspot service is quite amazing considering what it costs. It does have some limitations though. One of these is the fact that you cannot set a data limit to the trial account, only a time limit.
Luckily there are a few workarounds for this, the original concept for this comes from www.mikrotik-routeros.com but I have corrected a couple of bugs and added some functionality.
Start by creating your FreeUser profile:
IP>HOTSPOT>USER PROFILES>ADD
Name: FreeUser
You can customize this as you like, my preference is to only allocate 512k of bandwidth to the free users
Create the following two scripts on your routerboard by going to SYSTEM>SCRIPTS>ADD
Script 1:
The first script is the one that checks if a user has reached your specified limit, you can change the limit in the second line of the script.
Name: limitdata
Script 2:
The second script resets the counters of all free users so that they can receive a new allocation.
Name: clearusers
You then need to add two scheduled tasks under SYSTEM>SCHEDULER:
The first task will determine how often a specific mac address' usage is reset. I run it at midnight every day, which means that in my example people can use 50MB per day for free.
The second task will determine how often the system will check if a user has reached the quota. I run it every ten seconds, but on a busy routerboard you may have to set this to a higher value:
You should now be able to have users use the predefined trial without needing a login. Just remeber to enable to trial option for your hotspot.
Luckily there are a few workarounds for this, the original concept for this comes from www.mikrotik-routeros.com but I have corrected a couple of bugs and added some functionality.
Start by creating your FreeUser profile:
IP>HOTSPOT>USER PROFILES>ADD
Name: FreeUser
You can customize this as you like, my preference is to only allocate 512k of bandwidth to the free users
Create the following two scripts on your routerboard by going to SYSTEM>SCRIPTS>ADD
Script 1:
The first script is the one that checks if a user has reached your specified limit, you can change the limit in the second line of the script.
Name: limitdata
#Set your dowload limit in MegaBYTES!
:local downloadlimitmb "50"
### You will not need to edit anything below this line ###
:local downloadlimit [($downloadlimitmb * 1048576)]
:local counter
:local datadown
:local username
:local macaddress
:foreach counter in=[/ip hotspot active find where user~"^[T][-].{17}"] do={
:set datadown [/ip hotspot active get $counter bytes-out]
:if ($datadown>$downloadlimit) do={
:set username [/ip hotspot active get $counter user]
:set macaddress [/ip hotspot active get $counter mac-address]
/ip hotspot user remove [/ip hotspot user find where name=$username profile=FreeUser]
/ip hotspot user add name=$username limit-bytes-out=$downloadlimit mac-address=$macaddress profile=FreeUser
/ip hotspot active remove $counter
:log info "Force logout on user: $username - Reached download quota"
}}
:local downloadlimitmb "50"
### You will not need to edit anything below this line ###
:local downloadlimit [($downloadlimitmb * 1048576)]
:local counter
:local datadown
:local username
:local macaddress
:foreach counter in=[/ip hotspot active find where user~"^[T][-].{17}"] do={
:set datadown [/ip hotspot active get $counter bytes-out]
:if ($datadown>$downloadlimit) do={
:set username [/ip hotspot active get $counter user]
:set macaddress [/ip hotspot active get $counter mac-address]
/ip hotspot user remove [/ip hotspot user find where name=$username profile=FreeUser]
/ip hotspot user add name=$username limit-bytes-out=$downloadlimit mac-address=$macaddress profile=FreeUser
/ip hotspot active remove $counter
:log info "Force logout on user: $username - Reached download quota"
}}
Script 2:
The second script resets the counters of all free users so that they can receive a new allocation.
Name: clearusers
:log info "Checking Users"
:local counter
:foreach counter in=[/ip hotspot user find profile="FreeUser" ] do={
/ip hotspot user remove $counter
}
:local counter
:foreach counter in=[/ip hotspot user find profile="FreeUser" ] do={
/ip hotspot user remove $counter
}
You then need to add two scheduled tasks under SYSTEM>SCHEDULER:
The first task will determine how often a specific mac address' usage is reset. I run it at midnight every day, which means that in my example people can use 50MB per day for free.
add disabled=no interval=1d name=ClearUsers on-event=clearusers policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=jan/01/2002 start-time=00:00:01
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=jan/01/2002 start-time=00:00:01
The second task will determine how often the system will check if a user has reached the quota. I run it every ten seconds, but on a busy routerboard you may have to set this to a higher value:
add disabled=no interval=10s name=DataLimit on-event=limitdata policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=oct/07/2013 start-time=00:00:00
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=oct/07/2013 start-time=00:00:00
You should now be able to have users use the predefined trial without needing a login. Just remeber to enable to trial option for your hotspot.
Hi, i have tried setting this up exactly as above, but it doesn't work. can you assist?
ReplyDeleteI am happy to try to help. I need some more info though, what is the problem you are having?
Deletei created freeuser profile, as above.
Deletethen i added both scripts and scheduled clearusers to run in intervals of 24h and datalimit to run every 10 seconds. Both scripts work and have run according to schedule.
I assigned the freeuser profile as the hotspot trial user profile.
Users are able to use the trial, and the data speed limit (rate limit) is working perfectly, but the users arent getting disconnected when they have used more than 50mb.
To test this i cleared cookies and all active users, i then logged onto the trial (with data limit script set to 20mb) and started downloading a 50mb file, while doing some browsing, it didnt log me out at any point. What could i have done wrong?
Really appreciate the assistance!
Hi James,
DeleteThere was a wrong variable name in the "limitdata" script. I have fixed it, and it should now work. just replace your existing "limitdata" script with this one.
Thanks for pointing it out.
thanks so much, will give it a try and report back
ReplyDeleteHi Jurgens
ReplyDeleteI did try your script every thing works 100%. Just some thing to note the specified limit you put in is not a total limit.
Say you put in 50 it will allow the user to download 50MB and upload 50MB.
Thanks for the post
Hi there.
ReplyDeleteI'm having trouble making this script work
The limitdata only works when i change [($downloadlimitmb * 1048576)] to [($downloadlimitmb * 1000)]
But if i try to add one more zero then it does not work
The clearuser script works perfectly.
Any ideas?
Thank you
Hi Emile,
DeleteWhich version of ROS are you using?
Hi Jurgens.
DeleteFirst i tried it with 4.11, then with 6.11.
Now im running 6.20.
This comment has been removed by the author.
ReplyDeleteHi Jurgens,
ReplyDeleteSorry i did not understand how the script should work. I thought that is will create user with limit at logon but i see that it works as soon as the trail user hits the limit..
It took me awhile to figure it out.
Thank you for this great script.
It is exactly what I've been looking for. Thank you very much!
ReplyDeleteHi
ReplyDeleteI tried these scrips several times. But trial users don't kick out after allowed traffic limit and can continue using..
Would you please help me? :(
I need this
Thnaks
Can you confirm that the Scheduled tasks are running, check if the run count goes up.
DeleteHi, Can somebody help me with this?
DeleteI did everythig just like you said. but users exceed the limit :(
This comment has been removed by the author.
DeleteThe sheduler should run scripts. But when I check sheduler, it's counting run count but "limitdata" script does not count running. I think thats my problem. Can you help me through this?
DeleteHi,
ReplyDeleteDoes this set up work well with smartphones & tablets? Also, can the hotspot be applied to specific interfaces such as ether 3 or a Virtual AP?
Thanks.
Hi Amos,
DeleteIt works perfectly fine with Apple and Android devices, and you can run a hotspot on any interface you like.
hi.
ReplyDeletei try to use this script on RB750 with ROS 5.26 but it don't work. i set
:local downloadlimitmb "5"
but when a user downloading and i run this script, download don't stop.
pls help me
i have a mistake that i don't create the hotspot trial profile.
DeleteIt is exactly what I've been looking for. Thank you very much!
I am glad you figured it out!
Deletehi
ReplyDeletethis scrpits works fine but from time to time i see that my manually created users are gone.
i think this script deletes them
any suggestion ?
any idea about this script ?
ReplyDeleteit seems that i just affect the trial users, but i doesn't work.
##Download limit in MB - Editable
:local downquotamb "10"
##Set "Constants"
:local downquota [($downloadlimitmb * 1048576)]
:local tuser
:local datadown
:local mac
:local user
##loop through each active user
:foreach tuser in=[/ip hotspot active find] do={
:set user [/ip hotspot active get $tuser user]
:set mac [/ip hotspot active get $tuser mac-address]
:set datadown [ /ip hotspot active get $tuser bytes-out]
##if user is trial
:if ( $user=T-$mac) do={
:if ($datadown>$downquota) do={
##Remove Dynamic Trial User Acct and replace with tmp acct to disable trial access
/ip hotspot user remove [user find where name=$user]
/ip hotspot user add name=$user limit-bytes-out=$downquota mac-address=$mac
/ip hotspot active remove $tuser
:log info "Logged out $user - Reached download quota"
}}
If you have static users with the "FreeUser" profile, the second script will delete them. Could that explain your problem?
Deleteuse another profile for your manually created users.
DeleteHello Jurgens Krause,
DeleteI need basic Mikrotik firewall scripts to protect my Rb from viruses and outside attacks
Your help will be much appreciated
It may be a bit late,but I found the problem, I updated the tutorial, but what you need to change is the line that says:
Delete:foreach counter in=[/ip hotspot active find] do={
to:
:foreach counter in=[/ip hotspot active find where user~"^[T][-].{17}"] do={
It will now look for usernames that match trial usernames!
yeah
ReplyDeletei found a way to work around the bug in the script and wrote my own that works fine.
its a little bit different from yours especially in how it detects that a user is trial or not,a different profile named "Maxedout_prof" and a little :log info command to monitor every step that script goes through .
by the way i dont understand how your code works in this part (user~"^[T][-].{17}") dont you mind explaining a little bit ?
but thank you to put me in the straight line in the first place ...
.
Hi Mohsen,
DeletePlease share your solution with me, I always like to see alternative options to do the same task.
My solution uses a Regex expression to look for an active user where the username starts with a "T" followed by a "-" follow by 17 alphanumeric characters. I don't envision any non trial user accidentally matching that description.
Jurgen Krause
ReplyDeletePlease I need your assistance on how to configure my Mikrotik router to assign a specific Bandwidth speed and data size to our hotspot users per day. I have 10 users.
I am subscribed to a satellite, with:
- Download Speed of 5120Kbps
- Upload speed of 768Kbps
- Monthly download allowance of 20Gb
Please I want a situation where each day, the Mikrotik router will assign 512Kbps download speed to each hotspot users.
Also, it will give each hotspot user a daily maximum data download allowance of 90Mb each.
Thanks
Colonel A
Hi Jurgens
ReplyDeletePleaseon your third comment line , you mentioned that There was a wrong variable name in the "limitdata" script. I have fixed it, and it should now work. just replace your existing "limitdata" script with this one.
but i cant find the new update
Colonel
Hi
ReplyDeleteI tried to use your scripts on ROS5.20 exactly as mentioned , the "limitdata" script doesn't work at all
Hi Jurgens
ReplyDeleteAny advice on limiting trial users by time for instance let say a coffee shop at a church. For example the trial users would only have access between 8am and 10am?
Thanks
Coenraad