|Document revision:||2.2 (February 6, 2008, 1:40 GMT)|
Authentication, Authorization and Accounting feature provides a possibility of local and/or remote (on RADIUS server) Point-to-Point and HotSpot user management and traffic accounting (all IP traffic passing the router is accounted; local traffic acocunting is an option).
SpecificationsPackages required: system
License required: Level1
Submenu level: /user, /ppp, /ip accounting, /radius
Standards and Technologies: RADIUS
Hardware usage: Traffic accounting requires additional memory
Local IP Traffic AccountingSubmenu level: /ip accounting
As each packet passes through the router, the packet source and destination addresses are matched against an IP pair list in the accounting table and the traffic for that pair is increased. The traffic of PPP, PPTP, PPPoE, ISDN and HotSpot clients can be accounted on per-user basis too. Both the number of packets and the number of bytes are accounted.
If no matching IP or user pair exists, a new entry will be added to the table.
Only the packets that enter and leave the router are accounted. Packets that are dropped in the router are not counted. Packets that are NATted on the router will be accounted for with the actual IP addresses on each side. Packets that are going through bridged interfaces (i.e. inside the bridge interface) are also counted correctly.
Traffic, generated by the router itself, and sent to it, may as well be accounted.
Property Descriptionaccount-local-traffic (yes | no; default: no) - whether to account the traffic to/from the router itselfenabled (yes | no; default: no) - whether local IP traffic accounting is enabledthreshold (integer; default: 256) - maximum number of IP pairs in the accounting table (maximal value is 8192)
For bidirectional connections two entries will be created.
Each IP pair uses approximately 100 bytes
When the threshold limit is reached, no new IP pairs will be added to the accounting table. Each packet that is not accounted in the accounting table will then be added to the uncounted counter!
Enable IP accounting:
[admin@MikroTik] ip accounting> set enabled=yes [admin@MikroTik] ip accounting> print enabled: yes account-local-traffic: no threshold: 256 [admin@MikroTik] ip accounting>
Local IP Traffic Accounting TableSubmenu level: /ip accounting snapshot
When a snapshot is made for data collection, the accounting table is cleared and new IP pairs and traffic data are added. The more frequently traffic data is collected, the less likelihood that the IP pairs thereshold limit will be reached.
Property Descriptionbytes (read-only: integer) - total number of bytes, matched by this entrydst-address (read-only: IP address) - destination IP addressdst-user (read-only: text) - recipient's name (if aplicable)packets (read-only: integer) - total number of packets, matched by this entrysrc-address (read-only: IP address) - source IP addresssrc-user (read-only: text) - sender's name (if aplicable)
Usernames are shown only if the users are connected to the router via a PPP tunnel or are authenticated by HotSpot.
You should "take" snapshot in order to review the current state of the table by issueing the take command. Before the first snapshot has been taken, the table is empty.
To take a new snapshot:
[admin@MikroTik] ip accounting snapshot> take [admin@MikroTik] ip accounting snapshot> print # SRC-ADDRESS DST-ADDRESS PACKETS BYTES SRC-USER DST-USER 0 192.168.0.2 220.127.116.11 474 19130 1 192.168.0.2 10.0.0.4 3 120 2 192.168.0.2 18.104.22.168 32 3142 3 22.214.171.124 192.168.0.2 26 2857 4 10.0.0.4 192.168.0.2 2 117 5 126.96.36.199 192.168.0.2 2 136 6 192.168.0.2 188.8.131.52 1 40 7 184.108.40.206 192.168.0.2 835 1192962 [admin@MikroTik] ip accounting snapshot>
Web Access to the Local IP Traffic Accounting TableSubmenu level: /ip accounting web-access
The web page report make it possible to use the standard Unix/Linux tool wget to collect the traffic data and save it to a file or to use MikroTik shareware Traffic Counter to display the table. If the web report is enabled and the web page is viewed, the snapshot will be made when connection is initiated to the web page. The snapshot will be displayed on the web page. TCP protocol, used by http connections with the wget tool guarantees that none of the traffic data will be lost. The snapshot image will be made when the connection from wget is initiated. Web browsers or wget should connect to URL: http://routerIP/accounting/ip.cgi
Property Descriptionaccessible-via-web (yes | no; default: no) - wheather the snapshot is available via webaddress (IP address/netmask; default: 0.0.0.0) - IP address range that is allowed to access the snapshot
To enable web access from 10.0.0.1 server only:
[admin@MikroTik] ip accounting web-access> set accessible-via-web=yes \ \... address=10.0.0.1/32 [admin@MikroTik] ip accounting web-access> print accessible-via-web: yes address: 10.0.0.1/32 [admin@MikroTik] ip accounting web-access>
Uncounted ConnectionsSubmenu level: /ip accounting uncounted
In case no more IP pairs can be added to the accounting table (the accounting threshold has been reached), all traffic that does not belong to any of the known IP pairs is summed together and totals are shown in this menu
Property Descriptionbytes (read-only: integer) - byte countpackets (read-only: integer) - packet count
See the uncounted packets:
[admin@MikroTik] ip accounting uncounted> print packets: 0 bytes: 0 [admin@MikroTik] ip accounting uncounted>