Radius client not receiving Framed-Route attribute

RouterOS General
1

Hello,

I have a small ISP-type network where I will have several clients behind one of many Mikrotik routers. We have decided to use PPPoE and Radius to authenticate the remote CPE radios and assign IP addresses. The Mikrotik is acting as the PPPoE Server and Radius Client, running FreeRadius centrally.

PPPoE is working beautifully and the CPE is receiving its IP address via Radius Framed-IP-Address, however, the Mikrotik does not seem to be receiving a route to the client network via Radius Framed-Route. The Mikrorik is running RIP.

Setup:

CPE Radio—POP Radio—Mikrotik1 (PPPoE Server/Radius client)—Mikrotik2—FreeRadius Server

CPE LAN side address: 10.32.128.1
CPE WLAN side address: Assigned via PPPoE/Radius: 10.24.1.20/28
MIKROTIK1 networks: 10.1.24.0/28, 10.32.0.0/28
FreeRadius: 10.0.2.6

RADIUS Attributes:
Framed-IP-Address := 10.1.24.20
Framed-Route := 10.32.128.0/28 10.24.1.20 1

Mikrotik PPP and Radius exports
/ppp profile
set default change-tcp-mss=yes local-address=10.1.24.1 name=default only-one=
default use-compression=default use-encryption=default use-mpls=default
use-vj-compression=default
set default-encryption change-tcp-mss=yes name=default-encryption only-one=
default use-compression=default use-encryption=yes use-mpls=default
use-vj-compression=default
/ppp aaa
set accounting=yes interim-update=1m use-radius=yes
[admin@HTLAB] > /ppp aaa export

jun/06/2011 09:14:15 by RouterOS 5.4

software id = 4SS3-0PN9

/ppp aaa
set accounting=yes interim-update=1m use-radius=yes

/interface pppoe-server server
add authentication=pap,chap,mschap1,mschap2 default-profile=default disabled=
no interface=sectors keepalive-timeout=10 max-mru=1480 max-mtu=1480
max-sessions=0 mrru=disabled one-session-per-host=no service-name=
service1

[admin@HTLAB] > /radius export

jun/06/2011 09:14:23 by RouterOS 5.4

software id = 4SS3-0PN9

/radius
add accounting-backup=no accounting-port=1813 address=10.0.2.6
authentication-port=1812 called-id=“” disabled=no domain=“” realm=“”
secret=all4haiti service=ppp,login,wireless timeout=300ms
/radius incoming
set accept=no port=3799

Mikrotik radius, debug, packet shows receipt of the Framed-IP-Address Attribute but not Framed-Route:

echo: radius,debug,packet Acct-Session-Id = “81700007”
echo: radius,debug,packet Framed-IP-Address = 10.1.24.20
echo: radius,debug,packet Acct-Authentic = 1
echo: radius,debug,packet Event-Timestamp = 1307369563
echo: radius,debug,packet Acct-Status-Type = 1
echo: radius,debug,packet NAS-Identifier = “HTLAB”
echo: radius,debug,packet Acct-Delay-Time = 0
echo: radius,debug,packet MT-Realm = 0x766f696c612e6874
echo: radius,debug,packet NAS-IP-Address = 10.32.0.6
echo: radius,debug,packet received Accounting-Response with id 108 from 10.0.2.6:1813
echo: radius,debug,packet Signature = 0x9674f362d2995f76d98857efc21f4eec

\

radtest shows the Framed-Route attribute being sent successfully from FreeRadius.

Any ideas what is configured incorrectly or missing such that I’m not receiving the route?

Thank you,
Jen

2

Possibly barking up the wrong tree, but post an export on RIP settings. Is RIP set up the same on CPE as Mikrotik? Can you ping client CPE from radius and radius from CPE?

3

radtest shows the Framed-Route attribute being sent successfully from FreeRadius.

Framed-route is sent in the access-accept (auth response) packet.
Is that where you see it being sent with radtest?

http://freeradius.org/rfc/rfc2865.html#Framed-Route

Your log post is the acct packet, which doesn’t use framed-route.

If possible, post the auth request and response packets.