CapsMan Dynamic vlan

Hi everyone;

Which dynamic vlan attributes for freeRadius are you using?

https://wiki.mikrotik.com/wiki/Manual:RADIUS_Client#Supported_RADIUS_Attributes

Thank you for your raply.

I couldn`t find correct usage , is there anyone who run and succed a dynamic vlan on the freeradius?

Usage “Mikrotik-Wireless-VLANID = 21”
Error message "Unknown attribute “Mikrotik-Wireless-VLANID” requires a hex string, not “21"”

Usage " Mikrotik-Wireless-VLANID = 0X15"
Error “Invalid format in attribute name “Mikrotik-Wireless-VLANID””

i highly recommend to read through this topic: http://forum.mikrotik.com/t/capsman-freeradius-vlan-per-user/107024/1
also the last post here was a big help: http://forum.mikrotik.com/t/solved-freeradius-aaa-assign-users-to-groups/47140/1
Also important: use a fairly recent version of freeradius, i had loads of troubles one time because i was using an old version

Thank you,

It`s working now after update to /usr/share/freeradius/dictionary.mikrotik

Not: You must update to /usr/share/freeradius/dictionary.mikrotik. take a look at RouterOS - RouterOS - MikroTik Documentation


Step By Step my configuration (Freeradius-Mysql -Mikrotik-DynamicVlan )

-----------------------------------------Freeradius------------------------------------
Eap.conf
eap {

tls {

• default_eap_type = md5

• default_eap_type = tls
  
  
  private_key_file = ${certdir}/certificate.key
  certificate_file = ${certdir}/certificate.crt
  ca_file = ${cadir}/ca_bundle.crt
  
  \

• cipher_list = "DEFAULT"

• cipher_list = "HIGH"
  
  \

• ecdh_curve = "prime256v1"

• ecdh_curve = "secp521r1"

cache {

• name = "EAP-TLS"
• persist_dir = "${logdir}/tlscache"

peap {

• use_tunneled_reply = no

• use_tunneled_reply = yes
  }
  }
  }
  }
  
  
  Radius.conf
  
  \

• #$INCLUDE sql.conf

• $INCLUDE sql.conf

Sql.conf

database = "mysql"

inner-tunnel

authorize {

• files

• sql
  }
  
  
  /etc/raddb/sites-available/default

authorize {

• files

• sql
  }
  accounting {

• files

• sql
  }

post-auth {

• sql
  }
  
  
  ---------------------------------------FreeRadius end------------------------------------------
  
  
  -------------------------------------Mikrotik CapsMan -------------------------------------------

/interface bridge
add fast-forward=no name=bridge1

/interface vlan

add interface=sfp1 name=vlan20 vlan-id=20
add interface=bridge1 name=vlan30 vlan-id=30
add interface=bridge1 name=vlan40 vlan-id=40

/caps-man configuration
add country=turkey datapath.bridge=bridge1 datapath.vlan-mode=use-tag name=cfg1 security.authentication-types=wpa2-eap security.eap-methods=passthrough ssid=DynamicVlanTest caps-man interface
add configuration=cfg1 configuration.country=turkey disabled=no mac-address=00:00:00:00:00:00 master-interface=none name=cap1 radio-mac=00:00:00:00:00:00

/ip pool
add name=vlan30_pool ranges=10.0.30.2-10.0.30.255
add name=vlan40_pool ranges=10.0.40.2-10.0.40.254


/ip dhcp-server
add address-pool=vlan30_pool disabled=no interface=vlan30 name=vlan30
add address-pool=vlan40_pool disabled=no interface=vlan40 name=vlan40

/caps-man manager
set enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge1
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=cfg1

/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3

/ip address
add address=10.0.30.1/24 interface=vlan30 network=10.0.30.0
add address=10.0.40.1/24 interface=vlan40 network=10.0.40.0

/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=vlan20

/ip dhcp-server network
add address=10.0.30.0/24 dns-server=37.202.48.10 gateway=10.0.30.1 netmask=24
add address=10.0.40.0/24 dns-server=37.202.48.10 gateway=10.0.40.1 netmask=24
add address=172.16.2.0/24 dns-server=37.202.48.10 gateway=172.16.2.1

/ip firewall nat
add action=masquerade chain=srcnat src-address=10.0.30.0/24
add action=masquerade chain=srcnat src-address=10.0.40.0/24

/ppp aaa
set use-radius=yes
/radius
add address=10.0.0.2 secret=1qazxsw2 service=wireless
/radius incoming
set accept=yes port=1700

----------------------------Mysql------------------------------------------------------------------------------------
INSERT INTO radius.nas (id, nasname, shortname, type, ports, secret, server, community, description) VALUES (NULL, '10.0.0.2', 'mikrotik', 'other', NULL, '1qazxsw2', NULL, NULL, '');
INSERT INTO radius.radcheck (id, username, attribute, op, value) VALUES (NULL, 'test_user', 'Cleartext-Password', ':=', '12345678');
UPDATE radius.radreply SET username = 'test_user' WHERE radreply.id = 7;INSERT INTO radius.radreply (id, username, attribute, op, value) VALUES (NULL, 'test_user ', 'Mikrotik_Wireless_VLANID', '=', '30');
INSERT INTO radius.radreply (id, username, attribute, op, value) VALUES (NULL, 'test_user', 'Mikrotik_Wireless_VLANIDtype', '=', '0');