Community discussions

 
madman22
just joined
Topic Author
Posts: 9
Joined: Fri Mar 23, 2018 4:28 pm

DHCP+Radius fun

Fri Mar 23, 2018 4:57 pm

We setup a Radius server that responds to the Mikrotik DHCP server. If the mac is not in the "allowed" list on the Radius server, it responds with a different ip pool. The allowed mac addresses get a bandwidth limit for dynamic queueing and the "unauthorized" devices get redirected to a web page to contact support. This portion seems to work flawlessly.

There are 2 main issues:

The DHCP server is not respecting the shorter lease time of the unauthorized leases. I am sending radius attribute 27 (Session-Timeout) with a value of 60. I expect this would change the lease time to 60 seconds.

The DHCP server doesn't seem to be sending Radius requests on the leases renewing. When an unauthorized device requests to renew the ip, it gets the same ip, even if it is now in the "allowed" list, and the Radius counters in the mikrotik do not change. Is there way to force the Mikrotik DHCP server to send Radius requests even if the leases are renewing?

Any ideas?
 
RavenWing71
just joined
Posts: 23
Joined: Thu May 12, 2011 3:52 am

Re: DHCP+Radius fun

Wed Aug 15, 2018 10:45 pm

I'm battling essentially this same situation. I have verified that if I release the IP and then renew, the IP pool changes based on wether or not the account is enabled. But if the DHCP lease is not released and the account is changed to disabled, DHCP renewals don't change pools. I'm running on v6.42.6.
 
madman22
just joined
Topic Author
Posts: 9
Joined: Fri Mar 23, 2018 4:28 pm

Re: DHCP+Radius fun  [SOLVED]

Fri Jul 12, 2019 3:22 am

In case anyone has this problem, my solution was to send the Session-Timeout as a uint32 instead of a string. This also seems to have solved the problem of lease renewals re-authenticating.

Who is online

Users browsing this forum: No registered users and 87 guests