Table of Contents
RADIUS: Building Reply Attributes
Updated
by Alex Moore
Read Time: 3 mins
Prerequisites
To control (rate-limit) the speed of a CPE device on your network edge, you will first require an active RADIUS server that is configured to provide AAA services to your network. If you haven't done so yet, please follow this link to learn how to configure a RADIUS server for use with Sonar.
Overview
To effectively manage your network edge policies, Sonar uses RADIUS groups that aggregate user accounts, device types, and account statuses with custom RADIUS attributes and/or Vendor-Specific Attributes (VSAs).
You can find an article here about configuring RADIUS groups for generic uses. This article will show the example of rate limiting for different data services.
The examples below are specific to MikroTik devices as they use different RADIUS attributes to rate limit compared to other vendors. Please look up your vendor-specific attributes for whichever vendors NAS device or appliance you will be using.
Be sure to set your Change Of Authority settings in your RADIUS / Sonar configuration in order to propagate delinquency rules appropriately.
Rate Limiting Based on Data Service
Scenario: Your ISP sells different internet packages, and you want to apply different rate limits with RADIUS policies for customers with a particular package.
Please refer to this article for building your desired data services, once your services are defined follow the rest of the instructions here to apply RADIUS based rate limits.
For our example, we will use a data service named Gold Internet
- Navigate to Settings > Networking > RADIUS, and click on the CREATE button.

- Give the group an appropriate name. In our example we'll be using "Gold Internet Rate Limit".
- Assign a priority to the group - in the event multiple policies apply that might conflict, the lower priority number will take precedence.
- Ensure Fall through is enabled to continue processing rules after evaluation.
- Set the Account Status to "All account statuses".
- Set Delinquency to "Current" as the rate limit will typically only apply to accounts in good standing.
- Select the data service to apply the RADIUS Group to. In our case, we're selecting "Gold Internet"
- Click the 'CREATE' button to create the new policy.

Now that the policy is created, we will need to specify the appropriate rate limiting property for your NAS device, you will need to look up your vendor's particular attributes as they're not standardized. For the sake of our example we will tailor it to a MikroTik NAS.
- Click the 'Create RADIUS Group Reply Attribute' for the new group.
- Set the name to your vendor's rate-limiting attribute. You can look up your vendor's RADIUS VSA's for a dictionary of attributes supported by your NAS, but in our case we'll be using rx-rate.
- Set the operator to "=".
Details
=
Adds the item to the reply list, but only if there is no other item of the same attribute.:=
Replaces any attribute of the same name. If no attribute of that name appears in the request, then this attribute is added.+=
Adds the current attribute with value to the list of reply items.- Set the value to the desired limited bit rate (in bits/sec). Consult your vendor documentation for formatting.
- Click the Create button.
Sonar will immediately apply the policy to the defined data services package.
Example Attributes by Vendor
Below is a short list of vendors and their default rate shaping attribute names:
Vendor | Attribute(s) | Notes |
MikroTik | rx-rate, tx-rate | in bits/sec, or append k or m |
Cisco | Cisco-Avpair | Example Value: lcp:interface-config#1=rate-limit output 128000 10000 10000 conform-action continue exceed-action drop The three sets of numbers are bps, burst-normal, burst-max. |
Ubiquiti | WISPr-Bandwidth-Max-Up WISPr-Bandwidth-Max-Down | in bits/sec |