Allied Telesis AT-WR4500 manual

you should first create a ppp chain and make jump rules that would put actual traffic to this chain). The same applies for HotSpot, but the rules will be created in hotspot chain

•Mikrotik-Mark-Id- firewall mangle chain name (HotSpot only). The RouterOS RADIUS client upon receiving this attribute creates a dynamic firewall mangle rule with action=jump chain=hotspot and jump-targetequal to the atribute value. Mangle chain name can have suffixes .in or .out, that will install rule only for incoming or outgoing traffic. Multiple Mark-id attributes can be provided, but only last ones for incoming and outgoing is used.

•Acct-Interim-Interval- interim-update for RADIUS client. PPP - if 0 uses the one specified in RADIUS client; HotSpot - only respected if radius-interim-update=receivedin HotSpot server profile

•MS-MPPE-Encryption-Policy- require-encryption property (PPPs only)

•MS-MPPE-Encryption-Types- use-encryption property, non-zero value means to use encryption (PPPs only)

•Ascend-Data-Rate- tx/rx data rate limitation if multiple attributes are provided, first limits tx data rate, second - rx data rate. If used together with Ascend-Xmit-Rate, specifies rx rate. 0 if unlimited. Ignored if Rate-Limitattribute is present

•Ascend-Xmit-Rate- tx data rate limitation. It may be used to specify tx limit only instead of sending two sequental Ascend-Data-Rateattributes (in that case Ascend-Data-Ratewill specify the receive rate). 0 if unlimited. Ignored if Rate-Limitattribute is present

•MS-CHAP2-Success- auth. response if MS-CHAPv2 was used (for PPPs only)

•MS-MPPE-Send-Key,MS-MPPE-Recv-Key- encryption keys for encrypted PPPs provided by RADIUS server only is MS-CHAPv2 was used as authentication (for PPPs only)

•Ascend-Client-Gateway- client gateway for DHCP-pool HotSpot login method (HotSpot only)

•Mikrotik-Recv-Limit- total receive limit in bytes for the client

•Mikrotik-Recv-Limit-Gigawords- 4G (2^32) bytes of total receive limit (bits 32..63, when bits 0..31 are delivered in Mikrotik-Recv-Limit)

•Mikrotik-Xmit-Limit- total transmit limit in bytes for the client

•Mikrotik-Xmit-Limit-Gigawords- 4G (2^32) bytes of total transmit limit (bits 32..63, when bits 0..31 are delivered in Mikrotik-Recv-Limit)

•Mikrotik-Wireless-Forward- not forward the client's frames back to the wireless infrastructure if this attribute is set to "0" (Wireless only)

•Mikrotik-Wireless-Skip-Dot1x- disable 802.1x authentication for the particulat wireless client if set to non-zero value (Wireless only)

•Mikrotik-Wireless-Enc-Algo- WEP encryption algorithm: 0 - no encryption, 1 - 40-bit WEP, 2 - 104-bit WEP (Wireless only)

•Mikrotik-Wireless-Enc-Key- WEP encruption key for the client (Wireless only)

•Mikrotik-Rate-Limit - Datarate limitation for clients. Format is: rx-rate[/tx-rate] [rx-burst- rate[/tx-burst-rate] [rx-burst-threshold[/tx-burst-threshold] [rx-burst-time[/tx-burst- time] [priority] [rx-rate-min[/tx-rate-min]]]] from the point of view of the router (so "rx" is client upload, and "tx" is client download). All rates should be numbers with optional 'k' (1,000s) or 'M' (1,000,000s). If tx-rate is not specified, rx-rate is as tx-rate too. Same goes for tx-burst-rate and tx-burst-threshold and tx-burst-time. If both rx-burst-threshold and tx-burst-threshold are not specified (but burst-rate is specified), rx-rate and tx-rate is used as burst thresholds. If both rx-burst- time and tx-burst-time are not specified, 1s is used as default. Priority takes values 1..8, where 1 implies the highest priority, but 8 - the lowest. If rx-rate-min and tx-rate-min are not specified rx-rate and tx-rate values are used. The rx-rate-min and tx-rate-min values can not exceed rx-rate and tx- rate values.

•Mikrotik-Group- Router local user group name (defines in /user group) for local users. HotSpot default profile for HotSpot users.

•Mikrotik-Advertise-URL- URL of the page with advertisements that should be displayed to clients. If this attribute is specified, advertisements are enabled automatically, including transparent proxy, even if they were explicitly disabled in the corresponding user profile. Multiple attribute