* Please Note: As of Mikrotik RouterOS 7.x. IP Accounting functionality has been removed and is unavailable as a function on Datatill.
1. Overview:
1. Radius-Based Tracking
DataTill typically uses Radius Accounting to monitor individual user data usage. This requires a radius account in DataTill and an active PPPoE session on the network router. FreeRADIUS generates accounting data, which DataTill processes to manage usage. Once a user’s cap is reached, their PPPoE authentication is blocked, or speed is throttled using radius attributes.
2. IP Accounting Method
With IP Accounting, PPPoE and FreeRADIUS are not involved. Instead, usage is pulled directly from the High Site router using MikroTik’s IP Accounting feature. This method keeps a memory-based table of each source and destination IP pair, allowing DataTill to track traffic without a dial-up session.
3. Speed Control via Static Queues
To enforce speed limits, static queues are configured on breakout routers for each user’s fixed IP address. These adjustments occur when users reach their data limits. IP addresses are managed through predefined lists assigned to High Site routers, ensuring no conflicts and enabling selection of available IPs for each user account.
4. Suspension and Blocking Rules
Capped or suspended accounts are controlled via firewall rules on breakout routers. Traffic from affected users is redirected based on special address lists, making accurate router firewall setup essential to maintain proper enforcement.
2. Enabling the IP Accounting module in DataTill:
The IP Accounting module can be turned on or off on a global level. If the module is disabled, there will be no IP Accounting switches or settings visible on the system.
To enable the IP accounting module in DataTill, go to “Devices” > “Device Monitoring Setup” and then click on the “IP Accounting” option.
You will see the following on the screen once it has finished loading:
Click on the “Enable. MikroTik IP Accounting” button to enable the module. After the MikroTik
IP Accounting function has been enabled; more settings will appear.
Important Notes for IP Accounting:
DataTill enables IP Accounting on each MikroTik router using the API, pulling usage data from the highsite router for accuracy. Speed queues are auto-created where the user’s IP was last seen. To switch a radius account to IP Accounting, ensure a static IP is assigned—this links usage data correctly.
2.1. IP Accounting Settings:
2.1.1. Default IP Pair Threshold:
Set the IP Pair Threshold here. Older routers or those with outdated firmware may support lower limits, while newer models typically allow higher thresholds. For optimal performance, use the maximum allowed pairings. See Section 3 for details.
2.1.2. Fetch Method:
There are three distinct methods available. To fetch IP accounting information from the routers:
- MikroTik API
- Router Accounting URL
- Router Scheduler Script and FTP
The selected Fetch Method acts as the default for all routers but can be overridden individually if needed. For details on choosing a fetch method, see Section 4 – Monitoring & Collecting IP Accounting Data.
2.1.3. Default Web URL Port:
This section applies only when using the Router Accounting URL as your fetch method. The default port is 80, but if you’ve manually changed the router’s settings, ensure the port in IP Accounting setup matches accordingly.
Once set, the default port auto-applies to new devices added to the network. Keep in mind—individual routers may use different ports if manually configured.
2.1.4. Default Scheduler File Creation Interval:
This applies only when using the Router Scheduler Script & FTP Fetch Method. The value sets the extraction period in seconds—ideally no more than 60 seconds, matching the system’s cron job interval.
Shorter extraction times increase the number of files pulled from the router, adding strain to the server. Longer intervals may miss traffic data—especially on busy lines—so balance carefully based on network activity.
2.1.5. User Data for Traffic Identification:
When enabled (together with extended usage logging) all traffic will be logged for classification, including radius, hotspot, etc., not just IP Accounting based accounts. The traffic will be stored in the stats database and the breakdown will be available in each customer’s usage portal as well as the system usage report.
Example:
Apple, Browsing, Facebook, Google, Mail, Video, Other and Unclassified.
The intensity of the analysis can be configured under the extended logging system settings. Please note that this will however add significant processing overhead to the server.
2.1.6. Fetch IP Accounting Data from All MikroTik Routers:
When enabled all Mikrotik devices defined under Network Devices will be scanned for IP Accounting data. The frequency of the scans can be configured via the relevant cron job When disabled you need to enable IP accounting on each individual Network Device and configure the device accordingly.
Please note that if a highsite router is assigned to a specific user who has the IP Accounting enabled, that the IP Accounting will then automatically be enabled for the High site router.
2.1.6.1. Enable All MikroTik Routers:
If you would like to enable the “Fetch IP Accounting Data from all MikroTik Routers” toggle switch. Once enabled, a scheduled job will try to pull accounting information from all MikroTik routers defined in the system.
2.1.6.2. Enable Individual MikroTik Routers:
For more information on how to enable and disable individual MikroTik routers, please refer to 3.1 and 3.2.
2.1.7. NTP Timer Server IP:
All exported router files are stored locally, named by date and time—so the router’s clock must be accurate. Set up a time server (preferably within your network), then enter its IP in the NTP Time Server IP field and click Update. This is mandatory for all ISPs using IP Accounting.
If enabling routers individually, click Update Router on each one to sync settings. This action also applies the NTP time setting automatically to that specific router.
2.2. Capped Page Setup:
Capped packages using IP Accounting are managed via one or more routers—usually breakout routers. To enforce caps, ensure the firewall is configured; without it, customers won’t be blocked and will continue browsing.
We suggest that you set up your routers.
firewalls in one of the following ways:
- Either block the customer off the internet.
- Redirect the customer to a hotspot which will enable them to top-up.
- Redirect the customer to a proxy with a static page.
| Green: | In the green section, you can choose whether you want to enable the capped IP address lists. |
| Red: | In this section, you will add a name for your capped lists. DataTill will automatically add all capped IP Addresses as well as automatically remove all IP addresses that has been topped up. |
| Yellow: | Here you will select the routers on which your capped lists should be maintained. This will usually be your breakout routers. Example: NAS.FF.0002-101.10.0.199 |
2.3. Blocked Page Setup:
If enabled the address list defined below will be maintained on the routers below with the IP addresses of capped data accounts.
Note: Manually added IPs with comments won’t be removed when data accounts are uncapped. Only capped IP Accounting and Radius accounts with fixed IPs and data products that are not uncapped or set to auto rollover will be included.
2.3.1. Blocked Address List Name:
This will be the name of the blocked address list on each router.
2.3.2. Devices:
This will be the devices (Mikrotik Routers) on which to maintain the blocked address list.
2.4. Dynamic IP Queue Setup:
Just like with capped pages, queue setup is managed via breakout routers. If not configured correctly, speed limits won’t apply. You can set up capped and speed queues on the same router or across multiple routers.
If enabled individual queues will be maintained for each user IP on the routers below. If disable, then no speed limits will be enforced for IP Accounting based user accounts.
| Blue: | In this section, you can choose whether you want to enable or disable the queue. |
| Purple: | In this section, you will add a name to your capped lists. DataTill will automatically add all capped IP Addresses as well as automatically remove all IP addresses that has been topped up. |
Please note that DataTill has a background job that resets all queues to their original state every 5 minutes. After your changes have been made, please click on the “Update” button to save your changes.
3. MikroTik Router Configuration Management:
DataTill periodically checks all routers configured for IP Accounting and auto-enables settings if missing. If the schedule script method is enabled, it also verifies that the correct script and schedule are defined on each router.
To find a list of all network devices, go to “Devices” > “Network Devices” and then click on the “Network Devices” option.
Once the screen loads, locate the router you want to enable IP Accounting for. Click the blue edit button on the right, then go to the IP Pools section to add or edit the IP Pool.
3.1. Enabling Routers Individually:
After clicking on the edit button found on the right-hand side of the device, you will the following pop-up screen. Click on the “IP Accounting” tab to start editing the specific router properties.
| Red: | In this section, you can enable the IP Accounting functionality for the specific device. |
| Yellow: | Set the IP Pair Threshold based on your router’s capabilities—older models may need lower limits, while newer ones support higher thresholds. Using the maximum value is ideal, but if unsupported, an error will appear when clicking Update Router. |
| Dark blue: | In this section, you can choose the fetch method. |
| Purple: | This is where you need to add the scheduler file creation interval. This can be anything from 10 – 60 seconds. |
| Black: | After filling in all the details, it is crucial that you first click on the “Update Router” button before. |
| Green: | In this section, you will be able to view all IP accounting files that have been extracted from this specific router. |
After all details have been filled in and you have clicked on the update router button, click on the “Save Changes” button.
3.2. Disabling Routers Individually:
After clicking on the edit button found on the right-hand side of the device, you will the following pop-up screen. Click on the “IP Accounting” tab to start editing the specific router properties.
| Red: | To disable the router for IP Account tracking, ensure that the toggle switch is on “Off”. |
| Purple: | Click on the “Update Router” button to ensure changes are saved to the router. |
| Green: | After your changes has been made and you have clicked on the update router button, click on the “Save Changes” button. |
3.3. Maintaining User Speed Limits:
All customer queues and caps must be correctly set up on the breakout router, as they’re managed via the customer’s IP address. While helpdesk agents can make temporary changes, DataTill resets queues to their original configuration every five minutes—so the base setup must be accurate.
DataTill will only allow the following factors to influence the customer’s queue:
- Package Changes
- Capped Packages
- Top-ups
- Uncapped Packages
- Soft-capped Packages
- Adding New Accounts
- Expiring Accounts
3.3.1. Capped Accounts:
Each IP Accounting user has an IP-based queue on the router. Speed changes or caps update the queue automatically, but updates may take up to two minutes due to background processing.
3.3.2. Sub Accounts:
When sub-user accounts share a package, DataTill creates a multi-IP queue linking parent and child IPs. Shared speed and data limits are enforced by MikroTik—this works only if all accounts use the same breakout router.
3.3.3. Hard Capped & Suspended Accounts:
Blocked accounts—whether hard capped, suspended, or expired—are redirected by firewall rules on breakout routers to a static web proxy page. DataTill handles this automatically by updating the IP address lists linked to those rules.
4. IP Accounting Usage Tracking:
To read IP Accounting usage, the MikroTik router must have IP Accounting enabled. Once active, the router stores a temporary table of IP pairs—source, destination, and data used. This table is cleared after each read and can hold up to 8192 entries by default, though some routers support higher limits (up to 262144). If the maximum is reached, newer data is discarded, so usage must be read frequently to prevent loss.
4.1. Queue Selection in DataTill:
On the router, each IP Accounting user’s queue is identified by a unique prefix: DT_AUTO_QUE_USERNAME OF CUSTOMER ACCOUNT. DataTill only processes queues with this prefix and excludes any IP address that has multiple queues or lacks the correct identifier. To ensure compatibility, user accounts must be assigned IPs from the IP Accounting pool—those outside the pool are excluded.
4.2. Choosing a Fetch Method:
As previously mentioned, there are three methods in which DataTill can retrieve the IP Accounting information from the relevant MikroTik routers:
- MikroTik API
- Router Accounting URL
- Router Scheduler Script and FTP
4.2.1. MikroTik API
DataTill will log into the router via the MikroTik API and then retrieve the IP Accounting table data stored on the router.
4.2.2. Router Accounting URL
DataTill calls a local URL on the router, which will return a csv-based contents of the IP Accounting table data. DataTill will automatically set the IP Accounting URL.
4.2.3. Router Scheduler & FTP Dumping:
A local script on the MikroTik router dumps IP Accounting data to a file every 30–60 seconds, checking for at least 2MB of free disk space before writing. DataTill retrieves these files via FTP and deletes them after transfer—always skipping the last file to avoid downloading one still being written.
4.2.4. Suggested Method:
Multiple methods can be used to collect IP Accounting data, but scheduled file dumping is preferred to avoid data loss from table limits. When selected, DataTill auto-configures routers to support this method.
Collected data is processed like radius-based usage, matching IP pairs to user accounts via fixed IPs. Daily and monthly summaries appear in the end user’s portal alongside Radius, Fibre, and LTE data. If extended logging is enabled, remote IPs are classified (e.g., Dropbox, Facebook) for detailed usage breakdowns—but note this feature can be resource-intensive.
5. Managing User IP Address Assignments
Every IP Accounting based user account must use a fixed IP address. Two users cannot share the same IP address, as the system will then be unable to allocate data usage to the correct account.
5.1. Adding IP Pools to a Router
To add an IP Pool to a router, edit the router properties of the specific router that you would like to work on. Once the pop-up screen has loaded, go to the “IP Pools” tab.
| Blue: | To add an IP Pool to the router, click on the blue “Add” button. |
| Purple: | In this section, you will be able to view a list of all IP Pools linked to this router. |
| Green: | After making any changes, remember to click on the “Save Changes” button. |
5.2. High Site IP Ranges:
Each High site router is assigned one or more IP subnets in DataTill. The system automatically calculates available IPs, allowing the admin to exclude reserved addresses—such as those used by site equipment like cameras or power monitors—from the selectable pool.
5.3. User IP Allocation:
When IP Accounting user accounts are created, the High site where the user will connect must be selected. Once the High site has been chosen, the list of available subnets will be available for selection. Once a subnet has been chosen, a free IP can be selected from the list within that subnet.
5.4. IP Exclusions:
DataTill automatically tracks all IPs in use by IP Accounting user accounts, excluding those already allocated or reserved for network devices like routers, radios, or power monitors. It also runs a ping test to show if a selected IP is active on the network.
The method of managing these IP ranges will be like the way Radius IP pools are being managed.
6. Creating IP Accounting User Accounts
IP Accounting based user accounts are created the same as radius accounts. On the create user pop-up window there is a selector to choose between radius or IP accounting-based data traffic counting. (Note that this option is only visible if IP accounting has been enabled in the system)
To create the IP Accounting user account, go to the customer profile (“edit customer” screen) and then “add” a new user account in the “Data Accounts” section.
After clicking on the “add” button, you will see the following screen:
| Red: | In this section, you will add the customer’s username. After adding a username, click on the generate password button. |
| Yellow: | In this section, you will need to choose whether you want the traffic to be counted via radius accounting or MikroTik IP Accounting. When adding a normal radius account, you will leave the setting on Radius Accounting. When adding an IP Accounting user account, you will need to change the setting to MikroTik IP Accounting. |
| Dark blue: | Here you will choose the data product as per the customer request. |
| Light Blue: | Here you will be able to insert a fixed IP address from the IP Pool that has been allocated to the specific high site. |
| Black: | Always ensure that the authentication is accepted. |
| Green: | When all details have been filled in, click on the “Add Radius User” button. |
Data package selection, pricing and top-up settings are done in the same way as which you would have added these settings for a normal radius account. Please note that when adding sub-accounts, they need to follow the same traffic counting method as the parent account.
7. IP Accounting Based Billing
7.1. Monthly Billing
Billing for IP Accounting based user accounts is identical to other data accounts like radius, LTE and Openserve. Monthly recurring billing is generated from the data package cost and can be overridden on an individual basis.
7.2. Suspensions
When IP accounting-based users are suspended, the user’s IP address is added to a blocked account address list, on a designated router. A firewall rule on that router needs to be configured so that any traffic from any IP in that address list is redirected to a proxy page indicating a suspended accounts message.
If multiple breakout routers are in use, then the address lists will need to be auto maintained on all these routers.
7.3. Capped Accounts
Similar to suspended accounts, hard capped account IP addresses are also added to a central address list on the breakout router, where a similar firewall rule needs to redirect the user to a similar page showing that the user’s cap has been reached.