Disabling MPPE encryption via RADIUS?

vgs · October 29, 2007, 3:17pm

Hello folks.

I’m using Mikrotik for our PPPoE concentrators, with about 700-800 connections per box. Things are working a lot smoother now that we fixed our lockup issue due to too many local PPPoE secrets. (thanks guys!)

Now, I’ve noticed that when authenticating via RADIUS, some of our clients connect with MPPE128 stateful encryption, which causes their throughput to drop considerably.

Is there a RADIUS attribute that we can pass so Mikrotik does not negotiate encryption?

Thanks!

krigevr · October 29, 2007, 5:13pm

Check out the Access-Accept attributes list in the manual.

Specifically MS-MPPE-Encryption-Policy
and MS-MPPE-Encryption-Types.

If you’re using MySQL, you can either add it in RadGroupReply or something. Not entirely sure what the Values should be,

-K