I’ve been reviewing all the prior posts on here regaurding RADIUS, PPPoE, and multiple subnets. From what I’ve read it doesn’t appear to be supported.
In short what I would like to accomplish is to have two networks reside on one interface. One with publically assigned addresses, and one with private addresses. The problem I’m running into is how do you set a profile to user via RADIUS? Because depending on the user the local IP and remote IP addresses for the user will be private or public.
I’ve used the Framed-Pool attribute, that works, but how do you define the local-address on the mikrotik? If you leave it blank the PPPoE connection wont establish. And if you set it to a public or private it will only work for the pool that resides on the same network.
From what I’ve read I believe this currently isn’t possible with PPPoE and RADIUS, but I just thought I’d make this post to get a definative yes or no.
maybe I’m missing something on how the PPP protocol works, but it seems to work w/ whatever the local Ip address is.. i have a private address set as the local ip, 192.168.99.1, and with a public pool assigned to the remote I can still connect.. Kind of odd.. I’ll have to do some catch up reading on PPP…
That’s quite normal. PPP is Point to Point. It does not care what the addresses of the two endpoints are, as long as they are directly linked to each other. One end may very well be 1.1.1.1 whilst the remote is 255.255.255.254 (not really), and they will hapily talk to each other over PPP.
Only when you start routing subnets over PPP to end users, does the local address really become a issue, because the local address then needs to be in the same subnet that you are assigning to the end user.
I see… So if i were to give a business a /29 then I could see where this would be an issue…
So then how would you assign a local address to specific secrets for these special cases using RADIUS. I already have users with these needs, and when I switch to PPPoE I don’t want to compromise that.
Whilst I do see the need for that, I never had to implement it (thankfully?)
I am only speculating now, but perhaps have a look at the Framed-Route Attribute… Basically, a PPP connection is made, and then a /29 or whatever you need, is routed over that link once it is established.
Routing the IP addresses seperately is just about the only logical way I can see to do this, but there might very well be better ways.
