Community discussions

MUM Europe 2020
 
vince76
newbie
Topic Author
Posts: 27
Joined: Tue Sep 08, 2009 5:01 pm

Problems with external radius server

Thu Sep 17, 2009 2:09 pm

I had mikrotik with two interfaces: one connected to the internet and one connected to the lan. I setup the hotspot service and, on another machine connected with a switch to the lan interface, a free-radius server with the radius manager software that acts as a gui for the radius server. I setup mikrotik for authenicating user using the external radius server...but....nothing....It can't find radius! I tried the functionality of the radius server and all is ok!
The only strange thing is that if I ping from mikrotik the address of the radius server I received host unreachable. Instead of, If I try to ping any other host on the internet all works ok.
May I add any route in order to find the radius server?

Thanks!
 
User avatar
asus
Member
Member
Posts: 403
Joined: Fri Mar 27, 2009 9:42 am
Location: Mumbai, India

Re: Problems with external radius server

Thu Sep 17, 2009 2:24 pm

if ur ips are public then it should work if both servers r connected to gateway (internet) properly.

if ur using local ip then ips on both server should be from same subnet pool.
(e.g. keep mikrotik ips as 192.168.0.1/24 & radius server 192.168.0.2/24)

also change the ethernet of ip address u have configured to connect radius server.
If firewall is configured you may blocked in it

Good luck!
 
vince76
newbie
Topic Author
Posts: 27
Joined: Tue Sep 08, 2009 5:01 pm

Re: Problems with external radius server

Thu Sep 17, 2009 3:10 pm

The lan interface of mitrokit and the lan card of the radius server already are on the same subnet and the firewall of the radius server is disabled.....what can I do? please help me....
 
User avatar
asus
Member
Member
Posts: 403
Joined: Fri Mar 27, 2009 9:42 am
Location: Mumbai, India

Re: Problems with external radius server

Thu Sep 17, 2009 3:33 pm

check cables if ur directly connecting eth to eth u may need crossover cable & check link duplex speed of lancard it should be same if it is connected directly. it will not connect untill u can ping it. also check if you have connected the radius cable on MT eth on which u have configured ip address. check ip address & subnets again.

r u using public ips?
 
vince76
newbie
Topic Author
Posts: 27
Joined: Tue Sep 08, 2009 5:01 pm

Re: Problems with external radius server

Thu Sep 17, 2009 3:45 pm

no, both the mikrotik lan address and the radius ethernet are private addresses (192.168.128.x with the subnet 255.255.255.0).
Should I make any change to the mikrotik firewall? I left all default options....
 
User avatar
asus
Member
Member
Posts: 403
Joined: Fri Mar 27, 2009 9:42 am
Location: Mumbai, India

Re: Problems with external radius server

Thu Sep 17, 2009 4:13 pm

do u have switch between both servers? by default MT firewall is off. [until u add some filters]
 
vince76
newbie
Topic Author
Posts: 27
Joined: Tue Sep 08, 2009 5:01 pm

Re: Problems with external radius server

Thu Sep 17, 2009 4:30 pm

yes I have a switch with 3 cables connected...lan interface of mikrotik, ethernet card of the radius server and a laptop running winbox. I tried to ping radius ip directly from the laptop (and not from winbox)and works!!
So is only mikrotik that is unable to ping and find that address!! I tried to tracert the address of radius inside winbox but i receive 0.0.0.0 timeout...........
 
User avatar
asus
Member
Member
Posts: 403
Joined: Fri Mar 27, 2009 9:42 am
Location: Mumbai, India

Re: Problems with external radius server

Thu Sep 17, 2009 4:46 pm

/ip address> print
 
vince76
newbie
Topic Author
Posts: 27
Joined: Tue Sep 08, 2009 5:01 pm

Re: Problems with external radius server

Thu Sep 17, 2009 5:08 pm

0 192.168.128.240/24 192.168.128.0 192.168.128.255 lan
1 192.168.1.4/24 192.168.1.0 192.168.1.255 wan

I found that if I specified inside winbox to use ARP ping and I use 5000ms of timeout, sometimes radius respond with time near to 5000 (4500, 4800,....)

Why?????
 
User avatar
asus
Member
Member
Posts: 403
Joined: Fri Mar 27, 2009 9:42 am
Location: Mumbai, India

Re: Problems with external radius server

Thu Sep 17, 2009 5:21 pm

ips r fine can you ping laptop from MT?
 
vince76
newbie
Topic Author
Posts: 27
Joined: Tue Sep 08, 2009 5:01 pm

Re: Problems with external radius server

Thu Sep 17, 2009 5:26 pm

the same thing....sometimes it pings (only ARP ping) but with time near to 5 seconds!!!

I really don't understand.......any idea?

Why only arp ping works???
 
User avatar
asus
Member
Member
Posts: 403
Joined: Fri Mar 27, 2009 9:42 am
Location: Mumbai, India

Re: Problems with external radius server

Thu Sep 17, 2009 5:33 pm

change MT cable & switch port & keep interface ARP as enabled
 
User avatar
asus
Member
Member
Posts: 403
Joined: Fri Mar 27, 2009 9:42 am
Location: Mumbai, India

Re: Problems with external radius server

Thu Sep 17, 2009 5:44 pm

have you configured anything in MT firewall?
 
vince76
newbie
Topic Author
Posts: 27
Joined: Tue Sep 08, 2009 5:01 pm

Re: Problems with external radius server

Thu Sep 17, 2009 5:52 pm

No...all the rules in the firewall section are the default ones...
 
User avatar
asus
Member
Member
Posts: 403
Joined: Fri Mar 27, 2009 9:42 am
Location: Mumbai, India

Re: Problems with external radius server

Thu Sep 17, 2009 6:06 pm

/ip firewall filter> print
 
vince76
newbie
Topic Author
Posts: 27
Joined: Tue Sep 08, 2009 5:01 pm

Re: Problems with external radius server

Thu Sep 17, 2009 6:14 pm

chain=unused-hs-chain action=passthrough
 
User avatar
asus
Member
Member
Posts: 403
Joined: Fri Mar 27, 2009 9:42 am
Location: Mumbai, India

Re: Problems with external radius server

Thu Sep 17, 2009 6:20 pm

can you ping MT from laptop & radius server & from which ip ur accessing winbox?

make a crossover cable & attach directly to radius server & check
 
vince76
newbie
Topic Author
Posts: 27
Joined: Tue Sep 08, 2009 5:01 pm

Re: Problems with external radius server

Thu Sep 17, 2009 6:54 pm

pinging from radius to MT gave me this message:
from 192.168.128.240 icmp_seq=1 Destination Net Prohibited

With the cross cable I obtained the same result...
ARP ping from MT to radius --> OK!
Ping from MT to radius --> no answer
 
User avatar
asus
Member
Member
Posts: 403
Joined: Fri Mar 27, 2009 9:42 am
Location: Mumbai, India

Re: Problems with external radius server

Thu Sep 17, 2009 7:15 pm

if u can ping mac address & unable to ping ip it means u have not established the ip network between it. assign the ip address to the right interface of MT.

exchange ips or cables of wan & lan then check can u ping MT from Laptop?
 
vince76
newbie
Topic Author
Posts: 27
Joined: Tue Sep 08, 2009 5:01 pm

Re: Problems with external radius server

Thu Sep 17, 2009 8:16 pm

I think that I found the problem....If I delete the hotspot ping is ok!!
So....what was wrong? I setup the hotspot with the wizard (and the hotspot was ok because if I configured local accounts on MT user can access to internet)...
But...Every time I try to setup the hotspot...Radius will become unreachable from MT!!!
Please HELP!!
 
User avatar
asus
Member
Member
Posts: 403
Joined: Fri Mar 27, 2009 9:42 am
Location: Mumbai, India

Re: Problems with external radius server

Fri Sep 18, 2009 8:41 am

r u using same pool 192.168.128.0/24 for hotspot users? if yes then try different ips for radius & MT. ur hotspot users gateway is 203.76.184.240?
 
SurferTim
Forum Guru
Forum Guru
Posts: 4637
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Problems with external radius server

Fri Sep 18, 2009 12:48 pm

Is the radius server on the lan with the hotspot? I haven't tried that. You might want to try bypassing the ip of the radius server through the hotspot, or putting the radius server on another interface.

/ip hotspot ip-binding
add address=192.168.128.x type=bypassed

We've moved! Come see us in our new location!
http://forum.mikrotik.com/viewtopic.php?f=2&t=35028

Who is online

Users browsing this forum: Baidu [Spider] and 34 guests