Dear all,
I am trying to use the MikroTik hotspot on its wired eth port, using an external DHCP and Radius server.
Both the DHCP and Radius servers are based on FreeRadius.
Network:
- DHCP and Radius are @ 10.255.255.12, connected via interface raddhcp
- Interface LAN is just connected to a PC @ 10.10.255.200
- Interface ethernet4 is connected to my internet gateway
- This box has no DHCP service, but it has a DHCP-RELAY service on interface hotspot-eth
- I plug a MikroTik METAL, configured as a plain wifi AP-bridge (wireless and ethernet bridged), into this box at interface hotspot-eth
What I want is:
- Before being authenticated, a client will have an IP in network 10.254.1.0/24 and will only have access to this box (i.e. for: login page, DNS)
- An authenticated client will have an IP in network 10.255.3.0/24 and will have all access.
Currently (client = Android device):
- The client got its first IP address in network 10.154.1.0/24 as expected, but
- when I try to open http://www.mikrotik.com , it says ‘this web page is not available’; the login page did not show up. Also,
- when I try to open hs1.metal/login , it says ‘this web page is not available’.
MikroTik configuration:
[admin@mtik01] > /interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE MTU L2MTU MAX-L2MTU
0 R ;;; _Net0
LAN ether 1500
1 R ;;; RADDHCP
raddhcp ether 1500
2 R ;;; Bridged-Eth0
hotspot-eth ether 1500
3 R ether4 ether 1500
4 X pppoe-in4 pppoe-in
[admin@mtik01] > /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 address=10.10.255.100/24 network=10.10.255.0 interface=LAN actual-interface=LAN
1 address=10.255.255.12/29 network=10.255.255.8 interface=raddhcp actual-interface=raddhcp
2 address=10.255.3.126/24 network=10.255.3.0 interface=hotspot-eth actual-interface=hotspot-eth
3 X address=10.255.1.129/25 network=10.255.1.128 interface=ether4 actual-interface=ether4
4 ;;; for prehotspot
address=10.254.1.254/24 network=10.254.1.0 interface=hotspot-eth actual-interface=hotspot-eth
5 D address=192.168.100.175/24 network=192.168.100.0 interface=ether4 actual-interface=ether4
[admin@mtik01] > /ip dns print
servers: 8.8.8.8
dynamic-servers: 8.8.8.8
allow-remote-requests: yes
max-udp-packet-size: 4096
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 10KiB
[admin@mtik01] > /ip dns cache print detail
Flags: S - static
0 S name="hs1.metal" address=10.255.3.126 ttl=5m
1 S name="www.mikrotik.com" address=174.137.132.42 ttl=1d
Flags: X - disabled, I - invalid
0 name="relay3" interface=hotspot-eth dhcp-server=10.255.255.14 delay-threshold=none local-address=10.255.3.126
[admin@mtik01] /ip hotspot> print detail
Flags: X - disabled, I - invalid, S - HTTPS
0 name="hotspot1" interface=hotspot-eth profile=hsprof2 idle-timeout=5m keepalive-timeout=none ip-of-dns-name=10.255.3.126
proxy-status="running"
[admin@mtik01] /ip hotspot> profile print detail
Flags: * - default
0 * name="default" hotspot-address=0.0.0.0 dns-name="" html-directory=hotspot rate-limit="" http-proxy=0.0.0.0:0
smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no use-radius=no
1 name="hsprof2" hotspot-address=10.255.3.126 dns-name="hs1.metal" html-directory=hotspot rate-limit=""
http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 login-by=cookie,http-pap http-cookie-lifetime=3d split-user-domain=no
use-radius=yes radius-accounting=yes radius-interim-update=received nas-port-type=wireless-802.11
radius-default-domain="" radius-location-id="" radius-location-name="" radius-mac-format=XX:XX:XX:XX:XX:XX
[admin@mtik01] /ip hotspot> walled-garden print detail
Flags: X - disabled, D - dynamic
0 D dst-address=10.255.0.0/16 dst-port="" action=allow hits=0
1 X ;;; place hotspot rules here
dst-port="" action=allow hits=0
[admin@mtik01] /ip hotspot> walled-garden ip print detail
Flags: X - disabled, I - invalid
0 dst-address=10.255.0.0/16 action=accept
[admin@mtik01] > radius print detail
Flags: X - disabled
0 service=ppp,hotspot called-id="" domain="" address=10.255.255.14 secret="metal1234" authentication-port=1812
accounting-port=1813 timeout=3s accounting-backup=no realm="" src-address=10.255.255.12
FreeRadius Debug
(352) Sent code 1029 Id 1830046159 from 10.255.255.14:67 to 10.255.3.126:67 length 0
(352) DHCP-Relay-IP-Address = 10.255.3.126
(352) DHCP-IP-Address-Lease-Time = 20
(352) DHCP-Subnet-Mask = 255.255.255.0
(352) DHCP-Router-Address = 10.254.1.254
(352) DHCP-Your-IP-Address = 10.254.1.1
(352) DHCP-Client-IP-Address = 255.255.255.255
(352) DHCP-Domain-Name-Server = 10.254.1.254
(352) DHCP-DHCP-Server-Identifier = 10.255.3.126
(352) DHCP-Gateway-IP-Address = 10.255.3.126
(352) DHCP-Message-Type = DHCP-Ack
(352) DHCP-DHCP-Maximum-Msg-Size = 1500
(352) DHCP-Opcode = Server-Message
(352) DHCP-Hardware-Type = Ethernet
(352) DHCP-Hardware-Address-Length = 6
(352) DHCP-Hop-Count = 1
(352) DHCP-Transaction-Id = 1830046159
(352) DHCP-Flags = 0
(352) DHCP-Client-Hardware-Address = 08:8c:2c:0d:84:67
DHCP-Opcode = Server-Message
DHCP-Hardware-Type = Ethernet
DHCP-Hardware-Address-Length = 6
DHCP-Hop-Count = 1
DHCP-Transaction-Id = 1830046159
DHCP-Number-of-Seconds = 0
DHCP-Flags = 0
DHCP-Client-IP-Address = 255.255.255.255
DHCP-Your-IP-Address = 10.254.1.1
DHCP-Server-IP-Address = 0.0.0.0
DHCP-Gateway-IP-Address = 10.255.3.126
DHCP-Client-Hardware-Address = 08:8c:2c:0d:84:67
DHCP-Server-Host-Name = ""
DHCP-Boot-Filename = ""
DHCP-Subnet-Mask = 255.255.255.0
DHCP-Router-Address = 10.254.1.254
DHCP-Domain-Name-Server = 10.254.1.254
DHCP-IP-Address-Lease-Time = 20
DHCP-DHCP-Server-Identifier = 10.255.3.126
DHCP-DHCP-Maximum-Msg-Size = 1500
Sending DHCP-Ack Id 6d1449cf from 10.255.255.14:67 to 10.255.3.126:67
(352) Finished request
(352) Cleaning up request packet ID 1830046159 with timestamp +8248
Kindly please give me some enlightenment to fix this.
Sincerely
-bino-