Block LAN Access for suspend and restores on C5


#1

We have one “beta test sector” using a Mimosa A5C and using Mimosa C5 CPEs. This month, however, we had a customer that needed to be suspended (temporarily) for non-payment.
We looked at the AP as well as the CPE but were unable to figure out how to block the LAN access. Luckily, the customer came in and paid so it became a non-issue. hahahah

I was chatting w/ a Mimosa tech and he said it couldn’t be done.

The AP is tied to a Mikrotik router and then NAT’d (public) to our headend router. We aren’t tied to any type of radius server in the network. Just a L3 network…

But, in the future, I need to know how to do this. I posted on an old post and was told there are several ways to accomplish this task.

I would greatly appreciate help on this issue.


#2

Thanks for re-posting,

First off, it helps if you are running the latest firmware from Mimosa (2.4.1).

Secondly, the way you want to do this depends on your network setup and what you want your customer experience to be like.

The easiest method to implement would probably be Access Control Lists in the A5.
Add the client to the list (you will want the customer IP or probably MAC address) and set them to deny. Do this for TCP, UDP and, if you are feeling extra paranoid, ICMP. Here is a link for a deeper explanation of this system: http://ap.help.mimosa.co/ap-ug-traffic-acl

Another almost as easy route is in the Traffic Shaping Plans in the A5.
Create 2 plans, 1 for your paying customers and 1 for the non-paying customers. Then move the various antennas to each plan as you like, which then limits the customer. Another link for a deeper explanation: http://ap.help.mimosa.co/ap-ug-traffic-shaping-plans and the client settings: http://ap.help.mimosa.co/ap-ug-clients-client-settings-240

Other options are network dependent and are more complicated, but give you options that are not available in the first two systems.

If you have a Radius network, then 2.4.0 and later firmware let you use that for your traffic control. I don’t know much about it because we don’t use Radius. http://ap.help.mimosa.co/ap-ug-wireless-ssid240

If you know how to do VLAN stuff, you can put people into “time out” with CPE Data VLAN: http://ap.help.mimosa.co/ap-ug-wireless-ssid240 and http://ap.help.mimosa.co/ap-ug-clients-client-settings-240. This allows you to do a warning page for those customers.

Where I work, we do all of our bandwidth limiting in our Mikrotik routers that we have in each of our towers. This allows us to not have to remember who is connected where and gives us finer control of how we do bandwidth limiting and bursting. But this is a preference and one that many other people do not follow; there are reasons for doing it both ways.


#3

If you want, I can explain how we do our bandwidth limiting in Mikrotik, seeing as you are running a similar system to ours. I didn’t reread your post very closely, so I missed that you were not running Radius. I guess technically the tech is right, you cannot turn off the data to the Ethernet port in the C5 (unlike Ubiquiti), but these other methods should work well enough.