[Mikrotik] Radius MAC Authentication with both DHCP and static IPs

Jim Rice jmrice6640 at yahoo.com
Wed Mar 16 15:23:09 CDT 2011

Thanks Butch,

> 1. Configure dynamic clients in radius to get a radius
> reply that includes the "ip-pool" attribute

I could not find an "ip-pool" attribute in the radius dictionary.
Is this something I will need to add as a custom attribute to radius,
and if so, will the MikroTik act upon it?

> 2. Configure clients with static IP addresses to get the
> "framed-ip-address" attribute (I think that's the right
> one)

We can supply this if an Access-Request is generated.
I will test this with the Wireless setup.

> 3. Configure a default "unknown" client pool to get the
> ip-pool attribute pointing to a pool of IPs that is NOT your
> "normal access" range

Yes, we will want to redirect any other access attempts to a splash page.
Customers will be connecting new devices to their networks, and there may be some potential new customers that find us.

> All 3 of the above can include a rate-limit attribute of
> whatever is appropriate for the customer.  You would
> have to configure the "static" clients to get an IP from the
> DHCP server, but you will always be providing them with the
> SAME IP (static lease) via the framed-ip-address
> attribute.  (...)

This sounds like we HAVE to use DHCP in order to generate the request for the "static" devices?  Or is this a choice?



PS: We are implementing your QoS script in order to prioritize some of the traffic (VoIP, Streaming, etc.)  But that discussion I will take offline.

More information about the Mikrotik mailing list