keysers0ze
just joined
Topic Author
Posts: 10
Joined: Mon Sep 01, 2014 5:19 pm

DMA Radius + Dynamic VLAN + CAPsMAN2 (HotSpot)

Wed Jan 13, 2016 7:02 pm

Is this possible? :shock:
*Updated again by myself - see below (updated answers + proper way to add custom attributes).
- What is the correct way of typing a "custom attribute"? (I have added these attributes to "../dictionary.mikrotik")
+ Attribute1_Text="value",Attribute2_Text="value" (attributes inline, comma-separated).

- Are RADIUS attributes case-sensitive? (as typed in the dictionary)
+ Tested, and it is not "case-sensitive".

- Is local-forwarding possible in this kind of setup? (dynamic VLAN + hotspot)
+ local-forwarding is possible with a MAC account. (I do not know about "regular user" and with Hotspot.)

- Can dynamic VLAN be done with the wireless-fp package? (losing central management etc.)


A=10
B=11


Custom Radius Attribute
################################
Mikrotik_Wireless_VLANID="0x0000000B",Mikrotik_Wireless_VLANIDtype="0x00000000"
################################


#radtest -x user pass localhost 1812 secret123

++[sqlippool] returns noop
Exec-Program output: Mikrotik-Rate-Limit="5242880/10485760",Mikrotik_Wireless_VLANID="0x0000000B",Mikrotik_Wireless_VLANIDtype="0x00000000",
Exec-Program-Wait: value-pairs: Mikrotik-Rate-Limit="5242880/10485760",Mikrotik_Wireless_VLANID="0x0000000B",Mikrotik_Wireless_VLANIDtype="0x00000000"
Exec-Program: returned: 0
++[exec] returns ok
Sending Access-Accept of id 186 to 127.0.0.1 port 39523
Mikrotik-Rate-Limit = "5242880/10485760"
Mikrotik_Wireless_VLANID = 11
Mikrotik_Wireless_VLANIDtype = 0
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 186 with timestamp +102
Ready to process requests.
#####################################

#radiusd -X

rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=186, length=68
Mikrotik-Rate-Limit = "5242880/10485760"
Mikrotik_Wireless_VLANID = 11
Mikrotik_Wireless_VLANIDtype = 0

##################################


VLANs are working with multiple SSID...

br.
.k
Last edited by keysers0ze on Mon Jan 18, 2016 4:21 pm, edited 2 times in total.
 
pukkita
Trainer
Posts: 3001
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: DMA Radius + Dynamic VLAN + CAPsMAN2 (HotSpot)

Thu Jan 14, 2016 11:15 am

AFAIK radius attributes are case-sensitive.

Regarding the "proper" way to add them, you'll have to ask DMA, as their radius server is a hacked freeradius version, no longer a "standard" radius implementation.
 
keysers0ze

Re: DMA Radius + Dynamic VLAN + CAPsMAN2 (HotSpot)

Thu Jan 14, 2016 3:41 pm

pukkita wrote:
> AFAIK radius attributes are case-sensitive.
>
> Regarding the "proper" way to add them, you'll have to ask DMA, as their radius server is a hacked freeradius version, no longer a "standard" radius implementation.

Thanks for commenting. I did find out that it is not case-sensitive and updated the proper way of adding attributes. I did a basic RADIUS debug and RADIUS was answering correctly for radtest.

- I think the DMA-tuned RADIUS is quite a normal "freeradius" when it comes to attributes etc. I was just thinking about exactly how attributes are written, i.e. what kind of value "/*integer*/ -> 32 bit value in big endian order (high byte first)" is.
- Exact examples are missing... 0x0000000A=10, 0x0000000B=11 (http://www.binaryhexconverter.com/decim ... -converter)



br.
.k
 
keysers0ze

Re: DMA Radius + Dynamic VLAN + CAPsMAN2 (HotSpot)

Fri Jan 15, 2016 8:40 am

RADIUS sends the attribute to MikroTik router v.6.34RC36. MikroTik doesn't recognize the attribute.

Log "radius, debug, packet"

............................
Unknown-Attribute(vendor=MT, type=26) = 0x0000000b
Unknown-Attribute(vendor=MT, type=27) = 0x00000000
.............................

####################

If I set "CAPsMAN2 Access List -> mac address + use tag + vlan 11", the router will locally forward the client correctly to VLAN11. So the local forwarding bridge with VLANs is correctly set.


br.
.k
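
Added example, not part of any post in this thread: how the "32 bit value in big endian order" ends up on the wire inside a RADIUS Vendor-Specific attribute, and a check that an Access-Accept only hands out an expected VLAN. The vendor types 26 and 27 and the values 0x0000000B / 0x00000000 come from the logs above; the MikroTik enterprise number 14988, the function names and the `allowed_vlans` set are assumptions of this sketch, which works on the attribute bytes only (not the 20-byte RADIUS header).

```python
import struct

MIKROTIK_VENDOR_ID = 14988      # MikroTik's IANA enterprise number (assumed, not on the page)
VSA = 26                        # RADIUS Vendor-Specific attribute type (RFC 2865)
MT_WIRELESS_VLANID = 26         # vendor type shown in the router log above
MT_WIRELESS_VLANID_TYPE = 27    # vendor type shown in the router log above


def encode_vsa_int(vendor_type: int, value: int) -> bytes:
    """Build one Vendor-Specific attribute carrying a 32-bit big-endian integer."""
    sub = struct.pack("!BBI", vendor_type, 6, value)          # type, length, value
    return struct.pack("!BBI", VSA, 6 + len(sub), MIKROTIK_VENDOR_ID) + sub


def decode_mikrotik_ints(attrs: bytes) -> dict:
    """Walk an attribute list; return {vendor_type: int} for 4-byte MikroTik values."""
    out, pos = {}, 0
    while pos < len(attrs):
        if pos + 2 > len(attrs) or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            raise ValueError("malformed attribute")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        body = attrs[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VSA or int.from_bytes(body[:4], "big") != MIKROTIK_VENDOR_ID:
            continue                                          # not a MikroTik VSA
        sub, i = body[4:], 0
        while i + 2 <= len(sub):
            v_type, v_len = sub[i], sub[i + 1]
            if v_len < 2 or i + v_len > len(sub):
                raise ValueError("malformed vendor sub-attribute")
            if v_len == 6:                                    # 2-byte header + 4-byte integer
                out[v_type] = int.from_bytes(sub[i + 2:i + 6], "big")
            i += v_len
    return out


def vlan_from_accept(attrs: bytes, allowed_vlans: set) -> int:
    """Return the assigned VLAN, refusing anything outside the expected set."""
    vals = decode_mikrotik_ints(attrs)
    vlan = vals.get(MT_WIRELESS_VLANID)
    if vlan is None or vals.get(MT_WIRELESS_VLANID_TYPE) != 0:   # 0 is the thread's value
        raise ValueError("missing VLAN ID or unexpected VLAN ID type")
    if not 1 <= vlan <= 4094 or vlan not in allowed_vlans:
        raise ValueError(f"VLAN {vlan} not permitted")
    return vlan


# Constructed sample: the two values from the thread (VLAN 11, type 0).
SAMPLE = (encode_vsa_int(MT_WIRELESS_VLANID, 0x0000000B)
          + encode_vsa_int(MT_WIRELESS_VLANID_TYPE, 0x00000000))
```
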
 
keysers0ze

Re: DMA Radius + Dynamic VLAN + CAPsMAN2 (HotSpot)

Mon Jan 18, 2016 4:18 pm

OK,

Progress...

1. Added a MAC account to DMA Radius and added the needed "custom attributes" to it.
2. CAPsMAN2 -> Added the RADIUS server and enabled wireless. Then inside CAPsMAN2 -> access-list, added an access rule with action=query-radius. (Now when a client connects, it will ask RADIUS whether it is allowed to connect and which VLAN it belongs to.)

So now it is possible to change VLAN access for that specific client (directly from DMA Radius).


It works, BUT only by MAC address, not by username/password (RADIUS "regular user"). And the hotspot/captive portal does not launch when the client is already on a different VLAN than the hotspot...


br.
.k
