EAP, Radius and VLAN assignment based on user

RouterOS Wireless Networking
1

I’m planning a new wireless setup in a building.
There needs to be just 1 SSID with WPA(2)-EAP, where a user logs in with a username and password.

A RADIUS server is used, which should give back the Attribute MIKROTIK_WIRELESS_VLANID = 20, this should put the user in VLAN 20 and he will get an address from the VLAN20-DHCP.

I understand that this does not work in RouterOS? When will it finally be implemented? If it takes another year I’ll just have to buy Cisco instead of MikroTik.
Or does anyone have a solution to make this work?

ADD DYNAMIC VLAN ASSIGNMENT.
2

You may look into the PacketFence project. It supports what you are asking with MikroTik devices.

3

Are you sure? If I look at the documentation of PacketFence, it says only MAC authentication is available for Mikrotik at the moment.
http://www.packetfence.org/downloads/PacketFence/doc/PacketFence_Network_Devices_Configuration_Guide-4.7.0.pdf

4

You may ask for support on the PacketFence forums. I don’t have a MikroTik + PacketFence setup running yet, so I really can’t help. But it believe it should be able to do what you want.

5

@timd93
What wireless package do you use? AFAIK ‘wireless-fp’ package is necessary to use ‘Mikrotik_Wireless_VLANID’ and ‘Mikrotik_Wireless_VLANIDtype’ attributes.

HTH,

6

I’m using a hAP Lite and there is only a wireless-cm2 package for that device.
Also, packetfence does not do what I want.

7

I have not tested on EAP wpa enterprise mode

I have tested WPA PSK with RADIUS mac authentication

Using freeradius for windows and can assign VID successfully on Ros 6.27 on rb951Ui. wireless-fp package

Just update attribute dictionary for mikrotik devices on freeradius.

users.conf like this for every user:

aa:aa:aa:aa:aa:aa User-Password == “aa:aa:aa:aa:aa:a”
Mikrotik_Wireless_VLANID = “47”,
Mikrotik_Wireless_VLANIDtype = “0”,