Problems with external radius server

I had mikrotik with two interfaces: one connected to the internet and one connected to the lan. I setup the hotspot service and, on another machine connected with a switch to the lan interface, a free-radius server with the radius manager software that acts as a gui for the radius server. I setup mikrotik for authenicating user using the external radius server…but…nothing…It can’t find radius! I tried the functionality of the radius server and all is ok!
The only strange thing is that if I ping from mikrotik the address of the radius server I received host unreachable. Instead of, If I try to ping any other host on the internet all works ok.
May I add any route in order to find the radius server?

Thanks!

if ur ips are public then it should work if both servers r connected to gateway (internet) properly.

if ur using local ip then ips on both server should be from same subnet pool.
(e.g. keep mikrotik ips as 192.168.0.1/24 & radius server 192.168.0.2/24)

also change the ethernet of ip address u have configured to connect radius server.
If firewall is configured you may blocked in it

Good luck!

The lan interface of mitrokit and the lan card of the radius server already are on the same subnet and the firewall of the radius server is disabled…what can I do? please help me…

check cables if ur directly connecting eth to eth u may need crossover cable & check link duplex speed of lancard it should be same if it is connected directly. it will not connect untill u can ping it. also check if you have connected the radius cable on MT eth on which u have configured ip address. check ip address & subnets again.

r u using public ips?

no, both the mikrotik lan address and the radius ethernet are private addresses (192.168.128.x with the subnet 255.255.255.0).
Should I make any change to the mikrotik firewall? I left all default options…

do u have switch between both servers? by default MT firewall is off. [until u add some filters]

yes I have a switch with 3 cables connected…lan interface of mikrotik, ethernet card of the radius server and a laptop running winbox. I tried to ping radius ip directly from the laptop (and not from winbox)and works!!
So is only mikrotik that is unable to ping and find that address!! I tried to tracert the address of radius inside winbox but i receive 0.0.0.0 timeout…

/ip address> print

0 192.168.128.240/24 192.168.128.0 192.168.128.255 lan
1 192.168.1.4/24 192.168.1.0 192.168.1.255 wan

I found that if I specified inside winbox to use ARP ping and I use 5000ms of timeout, sometimes radius respond with time near to 5000 (4500, 4800,…)

Why???

ips r fine can you ping laptop from MT?

the same thing…sometimes it pings (only ARP ping) but with time near to 5 seconds!!!

I really don’t understand…any idea?

Why only arp ping works???

change MT cable & switch port & keep interface ARP as enabled

have you configured anything in MT firewall?

No…all the rules in the firewall section are the default ones…

/ip firewall filter> print

chain=unused-hs-chain action=passthrough

can you ping MT from laptop & radius server & from which ip ur accessing winbox?

make a crossover cable & attach directly to radius server & check

pinging from radius to MT gave me this message:
from 192.168.128.240 icmp_seq=1 Destination Net Prohibited

With the cross cable I obtained the same result…
ARP ping from MT to radius → OK!
Ping from MT to radius → no answer

if u can ping mac address & unable to ping ip it means u have not established the ip network between it. assign the ip address to the right interface of MT.

exchange ips or cables of wan & lan then check can u ping MT from Laptop?

I think that I found the problem…If I delete the hotspot ping is ok!!
So…what was wrong? I setup the hotspot with the wizard (and the hotspot was ok because if I configured local accounts on MT user can access to internet)…
But…Every time I try to setup the hotspot…Radius will become unreachable from MT!!!
Please HELP!!