Community discussions

 
pmurdock
newbie
Topic Author
Posts: 32
Joined: Sun Jul 03, 2005 7:39 am
Location: Herriman, Utah
Contact:

Core DHCP-RADIUS / MPLS/VPLS+VLAN

Tue Oct 08, 2019 5:22 pm

Trying to conceptutally work this out.

I have VPLS tunnels working to the CORE DHCP server.. RADIUS is working by DHCP auth to a freeradius 3.0 server.

I would like to take this to the next level.. :)

have RADIUS/DHCP hand out public ip's vs CGNAT ip's based on customer service level.

At first I thought to have RADIUS send VLAN reply-attribute set a VLAN.. and then based on the VLAN the end user receives can determine if they receive a public or natted ip.

Questions
1) Can VLAN be set by reply-attribute (using mikrotik gear)?
2) passing VLAN's over VPLS link.. need multiple VPLS links or can 1 VPLS handle multiple VLAN's?
 
User avatar
IPANetEngineer
Trainer
Trainer
Posts: 1053
Joined: Fri Aug 10, 2012 6:46 am
Location: Jackson, MS, USA
Contact:

Re: Core DHCP-RADIUS / MPLS/VPLS+VLAN

Tue Oct 08, 2019 8:10 pm

I've done this for a number of clients with Radius DHCP over VPLS except for the dynamic VLAN assignment which can be done one of two ways with radius:

via dot1x or on wireless using CAPSMAN.

If those don't work for you, I would probably use the API to set the VLAN based on the radius response. Also, you can definitely tag more than one VLAN over the VPLS tunnel so that's not an issue.
Global - MikroTik Support & Consulting - English | Francais | Español | Portuguese +1 855-645-7684
https://iparchitechs.com/services/mikro ... l-support/ mikrotiksupport@iparchitechs.com
 
madman22
just joined
Posts: 9
Joined: Fri Mar 23, 2018 4:28 pm

Re: Core DHCP-RADIUS / MPLS/VPLS+VLAN

Thu Oct 10, 2019 8:19 pm

I created a dhcp-client script that reads option 43 from DHCP and converts it from "ip:speed" to the corresponding loopback ip for the loopback interface and ospf router-id and the speed gets applied to the queue. You could use "ip:vlan" and have the script apply the vlan tag. I had to stop using radius backed dhcp and just use a custom dhcp server that does mac authentication directly.

Who is online

Users browsing this forum: No registered users and 10 guests