[Mikrotik] Radius MAC Authentication with both DHCP and static IPs

Shayne Lebrun slebrun at corebroadband.ca
Wed Mar 16 16:29:47 CDT 2011


If the computer isn't actively looking for settings to be assigned to it,
like through a DHCP request, you cannot assign it settings.

The router isn't going to create a radius request for every packet that
comes in with a given mac address.

> -----Original Message-----
> From: mikrotik-bounces at mail.butchevans.com [mailto:mikrotik-
> bounces at mail.butchevans.com] On Behalf Of Jim Rice
> Sent: March-16-11 4:23 PM
> To: Mikrotik discussions
> Subject: Re: [Mikrotik] Radius MAC Authentication with both DHCP and
static IPs
> 
> Thanks Butch,
> 
> 
> 
> > 1. Configure dynamic clients in radius to get a radius reply that
> > includes the "ip-pool" attribute
> 
> I could not find an "ip-pool" attribute in the radius dictionary.
> Is this something I will need to add as a custom attribute to radius, and
if so, will
> the MikroTik act upon it?
> 
> > 2. Configure clients with static IP addresses to get the
> > "framed-ip-address" attribute (I think that's the right
> > one)
> 
> We can supply this if an Access-Request is generated.
> I will test this with the Wireless setup.
> 
> > 3. Configure a default "unknown" client pool to get the ip-pool
> > attribute pointing to a pool of IPs that is NOT your "normal access"
> > range
> 
> Yes, we will want to redirect any other access attempts to a splash page.
> Customers will be connecting new devices to their networks, and there may
be
> some potential new customers that find us.
> 
> > All 3 of the above can include a rate-limit attribute of whatever is
> > appropriate for the customer.  You would have to configure the
> > "static" clients to get an IP from the DHCP server, but you will
> > always be providing them with the SAME IP (static lease) via the
> > framed-ip-address attribute.  (...)
> 
> This sounds like we HAVE to use DHCP in order to generate the request for
the
> "static" devices?  Or is this a choice?
> 
> Thanks,
> 
> Jim
> 
> PS: We are implementing your QoS script in order to prioritize some of the
> traffic (VoIP, Streaming, etc.)  But that discussion I will take offline.
> _______________________________________________
> Mikrotik mailing list
> Mikrotik at mail.butchevans.com
> http://www.butchevans.com/mailman/listinfo/mikrotik
> 
> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
RouterOS



More information about the Mikrotik mailing list