Community discussions

MikroTik App
 
miltont
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 53
Joined: Wed Nov 11, 2015 3:58 am

RADIUS on Different Subnet

Mon Oct 01, 2018 5:45 am

Greetings
Im currently adding a new Ip subnet on my network,
My Primary subnet 10.20.0.x has a Mikrotik Router its ip is 10.20.0.1
In this network i have a RADIUS Server (10.20.0.65) and it works fine when im on the same network subnet.
I have 12 Devices using PPPOE authentication.

Now, i added this new network 10.20.2.x, Mikrotik Router 10.20.2.1
its connected to the 10.20.0.x Subnet via Ubiquiti AP, using PowerBeam as station on ETHER1 of this 10.20.2.1
Mikrotik Router, its using DHCP Client on Interface ETHER1 its ip 10.20.0.56, the issue that im having is that it appears
that this router 10.20.2.1 is not permitting RADIUS, even tough i can ping 10.20.0.65 and it replies from router 10.20.2.1..
Do i have to do something more on this mikrotik to permit RADIUS traffic and can use also PPPOE like on 10.20.0.x network
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1693
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: RADIUS on Different Subnet

Tue Oct 02, 2018 12:50 am

Off the bat, it can be 2 things, you need to add second Mikrotik route in radius as nas device, and then possible firewall rules blocking comma
MTCNA, MTCTCE, MTCRE & MTCINE
 
miltont
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 53
Joined: Wed Nov 11, 2015 3:58 am

Re: RADIUS on Different Subnet

Tue Oct 02, 2018 6:37 am

I can ping ok, so the route to each network is ok, regarding firewall rules i dont have any deployed in each network since im testing...
 
mducharme
Trainer
Trainer
Posts: 970
Joined: Tue Jul 19, 2016 6:45 pm

Re: RADIUS on Different Subnet

Tue Oct 02, 2018 7:14 am

The RADIUS server generally needs to have the NAS IP configured, you probably added the IP of your first NAS but not the second one. The default for most RADIUS servers is to only reply to requests from known NAS IP's.
 
miltont
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 53
Joined: Wed Nov 11, 2015 3:58 am

Re: RADIUS on Different Subnet

Tue Oct 02, 2018 7:31 am

Greetings
I only added 1 RADIUS Server (10.20.0.65)
I added similar configuration from 10.20.0.1 router to the 10.20.2.1 router
The RADIUS server generally needs to have the NAS IP configured, you probably added the IP of your first NAS but not the second one. The default for most RADIUS servers is to only reply to requests from known NAS IP's.
 
mducharme
Trainer
Trainer
Posts: 970
Joined: Tue Jul 19, 2016 6:45 pm

Re: RADIUS on Different Subnet

Tue Oct 02, 2018 8:20 am

Greetings
I only added 1 RADIUS Server (10.20.0.65)
I added similar configuration from 10.20.0.1 router to the 10.20.2.1 router
You misunderstand what I am saying.

RADIUS servers normally ignore requests from all routers except those routers that have been defined as NAS units in the RADIUS server config. If you added a new router, and you did not tell the RADIUS server what the IP of that router is, the default behavior is for the RADIUS server to ignore all requests sent to it by the unknown router.

Who is online

Users browsing this forum: Max2 and 48 guests