I have a lot of POPs each with 2 wifi cards and one ethernet interface on client side - all these interfaces are in a bridge with the same IP address pool on DHCP.
Objective: I must check the SSID (possibly the port type: wlan or eth) and assign an IP address from Radius.
When I check SSID with NAS-Port-Id attribute:
00:13:CE:9A:F6:82 NAS-Port-Id == wlan1
it’s working and the radio becomes associated to the AP.
But with this check DHCP stops working. The SSID check works fine and the client can be associated with the radio station, but DHCP leases stop working.
When I remove this line from the radius check table, DHCP starts working, but of course I lose the possibility of checking the SSID.
Here is the output from freeradius debug mode when I check the MAC on DHCP in Radius and don’t check the SSID:
rad_recv: Access-Request packet from host 10.1.1.17:32771, id=244, length=85
Service-Type = Framed-User
NAS-Port-Id = "wlan1"
User-Name = "00:13:CE:9A:A6:77"
User-Password = ""
NAS-Identifier = "datanet"
NAS-IP-Address = 10.1.1.17
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '00:13:CE:9A:A6:77' ORDER BY id
rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '00:13:CE:9A:A6:77' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '00:13:CE:9A:A6:77' ORDER BY id
rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '00:13:CE:9A:A6:77' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 0
Login OK: [00:13:CE:9A:A6:77/] (from client baza_10.1.1.17 port 0)
Sending Access-Accept of id 244 to 10.1.1.17 port 32771
Framed-IP-Address = 192.168.1.111
rad_recv: Access-Request packet from host 10.1.1.17:32771, id=245, length=113
NAS-Port-Type = Ethernet
NAS-Port = 2207252620
Calling-Station-Id = "1:0:13:ce:9a:a6:77"
Called-Station-Id = "MT-DHCP"
User-Name = "00:13:CE:9A:A6:77"
User-Password = ""
NAS-Identifier = "datanet"
NAS-IP-Address = 10.1.1.17
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '00:13:CE:9A:A6:77' ORDER BY id
rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '00:13:CE:9A:A6:77' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '00:13:CE:9A:A6:77' ORDER BY id
rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '00:13:CE:9A:A6:77' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 4
Login OK: [00:13:CE:9A:A6:77/] (from client baza_10.1.1.17 port 2207252620 cli 1:0:13:ce:9a:a6:77)
Sending Access-Accept of id 245 to 10.1.1.17 port 32771
Framed-IP-Address = 192.168.1.111
What is strange to me is that I see NAS-Port-Id = “wlan1” and then NAS-Port-Type = Ethernet on the same physical interface!
Here I check the MAC on DHCP in Radius and start to check the SSID too:
rad_recv: Access-Request packet from host 10.1.1.17:32771, id=3, length=85
Service-Type = Framed-User
NAS-Port-Id = "wlan1"
User-Name = "00:13:CE:9A:A6:77"
User-Password = ""
NAS-Identifier = "datanet"
NAS-IP-Address = 10.1.1.17
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '00:13:CE:9A:A6:77' ORDER BY id
rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '00:13:CE:9A:A6:77' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '00:13:CE:9A:A6:77' ORDER BY id
rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '00:13:CE:9A:A6:77' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 3
Login OK: [00:13:CE:9A:A6:77/] (from client baza_10.1.1.17 port 0)
Sending Access-Accept of id 3 to 10.1.1.17 port 32771
Framed-IP-Address = 192.168.1.111
rad_recv: Access-Request packet from host 10.1.1.17:32771, id=4, length=113
NAS-Port-Type = Ethernet
NAS-Port = 2207252626
Calling-Station-Id = "1:0:13:ce:9a:a6:77"
Called-Station-Id = "MT-DHCP"
User-Name = "00:13:CE:9A:A6:77"
User-Password = ""
NAS-Identifier = "datanet"
NAS-IP-Address = 10.1.1.17
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '00:13:CE:9A:A6:77' ORDER BY id
rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '00:13:CE:9A:A6:77' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '00:13:CE:9A:A6:77' ORDER BY id
rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '00:13:CE:9A:A6:77' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 2
rlm_sql (sql): No matching entry in the database for request from user [00:13:CE:9A:A6:77]
Login incorrect: [00:13:CE:9A:A6:77/] (from client baza_10.1.1.17 port 2207252626 cli 1:0:13:ce:9a:a6:77)
rad_recv: Access-Request packet from host 10.1.1.17:32771, id=4, length=113
Sending Access-Reject of id 4 to 10.1.1.17 port 32771
Is it a bug in Mikrotik software?
Please advise, I have been trying to get this config to work for a few days without success.
Regards,
Piotr
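
The two Access-Requests in the debug output above carry different attribute sets, which is enough to explain the reject. The sketch below is an added example, not part of the original post and not FreeRADIUS code: it parses both requests (copied from the log) and applies a simplified model of a `==` check item, which only matches when the attribute is present in the request with the given value. The function names and the assumption that the `NAS-Port-Id == wlan1` row exists for this User-Name are hypothetical.

```python
import re

# Attribute dumps constructed from the two requests in the debug output above.
WIRELESS_REQ = '''
Service-Type = Framed-User
NAS-Port-Id = "wlan1"
User-Name = "00:13:CE:9A:A6:77"
NAS-Identifier = "datanet"
'''
DHCP_REQ = '''
NAS-Port-Type = Ethernet
NAS-Port = 2207252626
Calling-Station-Id = "1:0:13:ce:9a:a6:77"
Called-Station-Id = "MT-DHCP"
User-Name = "00:13:CE:9A:A6:77"
NAS-Identifier = "datanet"
'''

def parse_request(text):
    """Parse 'Attribute = value' debug lines into a dict (quotes stripped)."""
    attrs = {}
    for line in text.strip().splitlines():
        m = re.match(r'\s*([\w-]+)\s*=\s*"?(.*?)"?\s*$', line)
        if m:
            attrs[m.group(1)] = m.group(2)
    return attrs

def check_items_match(request, checks):
    """Simplified '==' semantics: every check attribute must be present
    in the request and equal; a missing attribute means no match."""
    return all(request.get(attr) == value for attr, value in checks)

def classify(request):
    """Label a request by the attributes seen in the log (hypothetical helper)."""
    if request.get("Called-Station-Id") == "MT-DHCP":
        return "dhcp"
    if "NAS-Port-Id" in request:
        return "wireless"
    return "unknown"

def evaluate(checks):
    """Return {request kind: whether the per-user check items match}."""
    requests = [parse_request(t) for t in (WIRELESS_REQ, DHCP_REQ)]
    return {classify(r): check_items_match(r, checks) for r in requests}

if __name__ == "__main__":
    print(evaluate([]))                          # no SSID check
    print(evaluate([("NAS-Port-Id", "wlan1")]))  # SSID check added
```

With the check in place only the wireless request matches: the DHCP request never carries NAS-Port-Id, so the same per-user rule that admits the association also rejects the lease request.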