Hi, I have a number of customers, about 200, on my network. Most are assigned a public IP using RADIUS, but some people have factory reset their routers and as such are assigned a local IP from the DHCP on my main MikroTik CCR router so they can continue to access the internet. The same DHCP assigns local IP addresses to my wireless bridge units, which I have spread over about 25 sq miles.
What I want to do is apply public IPs to those customers' routers that have been factory reset using DHCP, but supply local IPs to my bridge radios.
Not sure how to do this but it is what I want to do.
I did do it with RADIUS a few years ago but something went wrong and customers were not getting internet. It took ages to get everything back to working, so I have not tried since. My reason for having another go is that we had a massive DDoS attack last weekend and I need to know who has what IP addresses, as some have been infected by the trojan that was causing the problem. Most of the attack was from outside my network. The IPs were Chinese but were probably spoofed.
1.) Set up a pool of public IPs under /ip/pool
2.) Set up the RADIUS server, ticking the DHCP box
3.) Under /ppp/secrets click on PPP Authentication & Accounting and tick “use Radius”
4.) Set up the DHCP server under /ip/DHCP server, setting the “use Radius” setting to yes.
If all the customers connect but can’t get internet, then first and foremost check that the DHCP gateway can reach the internet.
Open a terminal and ping 8.8.8.8 from the DHCP gateway xxx.xxx.xxx.xxx
ping 8.8.8.8 src-address=xxx.xxx.xxx.xxx
Thanks, that looks like what I did before. /ppp secrets has “use Radius” ticked as I use it with the PPPoE. Question: why do I need that ticked for DHCP?
I use FreeRADIUS/daloRADIUS and I think I assigned the IPs using the MAC address last time I tried.
Just been having a try and they were still not connecting, not getting a gateway address. I think I need an entry under /dhcp networks for the public IP range.
I must be doing something wrong, I cannot get it to work; it is still assigning from the pool even though I am using the MAC address in daloRADIUS. Do you use the MAC as password as well, and in this format 00:27:
When MAC authentication is configured, the ICX device authenticates the client using the MAC address and the RADIUS server. The device uses the MAC address for both the username and the password in the request sent to the RADIUS server. Several formats can be used to send the MAC address to the RADIUS server, including sending the MAC address in uppercase. The format is configurable using the mac-authentication password-format command. The lowercase option and xxxxxxxxxxxx are the default format.
What may have happened is the tik is defaulting to a different format, so debug at the RADIUS server and see what you are seeing.
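
Added example, not part of any post in this thread: a small Python check for the format mismatch described above. It compares the User-Name and password seen in the RADIUS debug output with the stored account and reports whether they are the same MAC in a different layout or case. The function names, the list of layouts and the MAC values are assumptions constructed for illustration; nothing here states which format a particular router sends.

```python
import re

# Layouts a NAS might use when it sends a MAC as User-Name and password.
# The list is an assumption for this example, not taken from any vendor manual.
LAYOUTS = [
    ("xxxxxxxxxxxx", re.compile(r"[0-9A-Fa-f]{12}")),
    ("xx:xx:xx:xx:xx:xx", re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")),
    ("xx-xx-xx-xx-xx-xx", re.compile(r"[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}")),
    ("xxxx.xxxx.xxxx", re.compile(r"[0-9A-Fa-f]{4}(\.[0-9A-Fa-f]{4}){2}")),
]

def describe(value):
    """Return (layout, case, 12 lowercase hex digits) for a MAC string."""
    text = value.strip()
    for layout, pattern in LAYOUTS:
        if pattern.fullmatch(text):
            digits = re.sub(r"[^0-9A-Fa-f]", "", text)
            letters = [c for c in digits if c.isalpha()]
            if not letters:
                case = "no letters"
            elif all(c.islower() for c in letters):
                case = "lowercase"
            elif all(c.isupper() for c in letters):
                case = "uppercase"
            else:
                case = "mixed case"
            return layout, case, digits.lower()
    raise ValueError(f"not a recognised MAC layout: {value!r}")

def diagnose(sent, stored):
    """Compare the (user, password) pair in the request with the stored account."""
    findings = []
    for field, got, want in zip(("User-Name", "password"), sent, stored):
        got_layout, got_case, got_mac = describe(got)
        want_layout, want_case, want_mac = describe(want)
        if got_mac != want_mac:
            findings.append(f"{field}: different MAC address")
        elif got.strip() != want.strip():
            findings.append(f"{field}: same MAC, sent as {got_layout} {got_case}, "
                            f"stored as {want_layout} {want_case}")
    return findings

if __name__ == "__main__":
    # Constructed values: what the RADIUS debug output shows vs. the stored account.
    seen = ("02:00:00:AA:BB:01", "02:00:00:AA:BB:01")
    account = ("020000aabb01", "020000aabb01")
    for line in diagnose(seen, account) or ["request matches the stored account"]:
        print(line)
```

An empty result means the request and the stored account agree character for character; a "same MAC" finding means the account entry needs to be stored in the layout the router actually sends.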