Hi All and support Mikrotik.

need help here,..

RouterOS 6.25 - CCR1036

im using hotspot and it has 2 authentication method: https and mac-cookie. and hotspot interface is using bridge, and inside the bridge is using multiple vlan.
-
/interface bridge
add name=bridge-hs-public
/interface bridge port
add bridge=bridge-hs-public interface=VLAN100
-

if the user login by https, the NAS-Port-Id was valid, and the mikrotik take it from VLAN100, we can see at radius log below:

*** Received from 10.10.10.1 port 54093 ....
Code: Access-Request
Identifier: 151
Authentic: 8N<144>N<149><5><240>$<206><203><27>0<210><223>9g
Attributes:
NAS-Port-Type = Wireless-IEEE-802-11
Calling-Station-Id = "00:EB:2D:3D:AA:57"
Called-Station-Id = "server-hs-public"
NAS-Port-Id = "VLAN100"
User-Name = "andersonlich"
NAS-Port = 2156924616
Acct-Session-Id = "80900ec8"
Framed-IP-Address = 100.67.25.236
Mikrotik-Host-IP = 100.67.25.236
User-Password = "<233>+=<3><221><211><197><201>r<188><189><159><168>H7<183>"
Service-Type = Login-User
NAS-IP-Address = 10.10.10.1

but after my ID relogin using Auth by MAC-Cookie, the NAS-Port-Id was taken from the name of interface bridge.

*** Received from 10.10.10.1 port 60254 ....
Code: Access-Request
Identifier: 63
Authentic: <23><132>t;<29>L<198>`d<136><206>4+<254>i9
Attributes:
NAS-Port-Type = Wireless-IEEE-802-11
Calling-Station-Id = "04:0C:CE:D5:F8:02"
Called-Station-Id = "server-hs-public"
NAS-Port-Id = "bridge-hs-public"
User-Name = "andersonlich"
NAS-Port = 2156924308
Acct-Session-Id = "80900d94"
Framed-IP-Address = 100.67.27.119
Mikrotik-Host-IP = 100.67.27.119
User-Password = "<218><7><17><200><22><127><143><174><253><14><7>**<215><152><205>"
Service-Type = Login-User
NAS-IP-Address = 10.10.10.1

and our goal is how to make the NAS-Port-Id persistent when the user login in both method (https and mac-cookie), and the NAS-Port-Id should be taken from Interface Name of the VLAN.
is it a bug or this is normal process for auth by MAC-Cookie for hotspot ? or is it possible mikrotik development team can make this persistent.

Thank you.

Thank you very much for the report.
The particular issue is fixed at MikroTik RouterOS 6.26. Install the latest MikroTik RouterOS version on your router (6.27), then problem will be fixed.

hi sergejs,

thank you for your report. i will upgrade my CCR, and test it again. i will update the result soon. thank you.

Hi All and sergejs,

it's been solved on ROS v6.27

Radius Log Authby HTTPS

*** Received from 10.10.10.1 port 36470 ....
Code: Access-Request
Identifier: 116
Authentic: <173>g!1<212>d<27>cv<231><181>xGnHu
Attributes:
NAS-Port-Type = Wireless-IEEE-802-11
Calling-Station-Id = "1C:65:9D:A6:BB:BA"
Called-Station-Id = "server-hs-public"
NAS-Port-Id = "VLAN100"
User-Name = "andersonlich"
NAS-Port = 2157969481
Acct-Session-Id = "80a00049"
Framed-IP-Address = 100.67.9.2
Mikrotik-Host-IP = 100.67.9.2

Radius Log Authby MAC-Cookie

*** Received from 10.10.10.1 port 52121 ....
Code: Access-Request
Identifier: 172
Authentic: <217><174><207>?gh<133><15>3<204><177><17><183><251>".
Attributes:
NAS-Port-Type = Wireless-IEEE-802-11
Calling-Station-Id = "1C:65:9D:A6:BB:BA"
Called-Station-Id = "server-hs-public"
NAS-Port-Id = "VLAN100"
User-Name = "andersonlich"
NAS-Port = 2157969489
Acct-Session-Id = "80a00051"
Framed-IP-Address = 100.67.9.2
Mikrotik-Host-IP = 100.67.9.2

Thank you

Hi Andersonlich,

I have several CCR series hotspot routers with single FreeRadius. I configured MAC-cookie on all of my router. Customer can connect using MAC-cookie if he is reconnecting to the same router. But when he tries to connect different router, router redirects to login page. Is it possible than MAC-cookie saved on FreeRadius and all of routers check cookie from the Radius server? Then customer can connect to newly visited router without login.

Please share your experience.