Community discussions

 
krakenant
Member Candidate
Member Candidate
Topic Author
Posts: 136
Joined: Sat Feb 06, 2010 6:32 am

Radius NAS Identifier

Fri Apr 30, 2010 5:58 pm

The NAS identifier sent seems to be the Identity of the system, I haven't found a way to change this. Could a NAS Identifier field be added to the radius profile such that you can change the NAS Identifier for different radius profiles.
 
User avatar
martini
Member Candidate
Member Candidate
Posts: 296
Joined: Tue Dec 21, 2004 12:13 am

Re: Radius NAS Identifier

Fri Apr 30, 2010 6:13 pm

/system identity set name=NAS-identity
 
krakenant
Member Candidate
Member Candidate
Topic Author
Posts: 136
Joined: Sat Feb 06, 2010 6:32 am

Re: Radius NAS Identifier

Fri Apr 30, 2010 7:48 pm

I want/need the ability to set the NAS ID to be different for different radius profiles. if I use that method, all the radius profiles use the same NAS ID.
 
savage
Forum Guru
Forum Guru
Posts: 1213
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa
Contact:

Re: Radius NAS Identifier

Mon May 03, 2010 10:50 am

Doesn't work like that. NAS-Identity is normally the hostname of the router (set in system identity on MT). If your identities are the same for what ever reason, it's bad designing IMHO. See if you can do something using NAS-IP-Address instead, surely, you can't have NAS devices with the same IP address as well ?
Regards,
Chris
 
krakenant
Member Candidate
Member Candidate
Topic Author
Posts: 136
Joined: Sat Feb 06, 2010 6:32 am

Re: Radius NAS Identifier

Thu May 06, 2010 12:00 am

Doesn't work like that. NAS-Identity is normally the hostname of the router (set in system identity on MT). If your identities are the same for what ever reason, it's bad designing IMHO. See if you can do something using NAS-IP-Address instead, surely, you can't have NAS devices with the same IP address as well ?
This is the reverse of what I want. I want the ability to set multiple NAS-Identities on the same router. The way our radius server parses sessions is by NAS-ID. So I want to be able to create multiple radius servers in the MikroTik, going to the same radius server address, but sending different NAS-IDs.
 
savage
Forum Guru
Forum Guru
Posts: 1213
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa
Contact:

Re: Radius NAS Identifier

Thu May 06, 2010 12:07 am

As I said, Radius doesn't work like that. It's not supported by Mikrotik, not supported by the industry at large. You'll have a hard time finding a NAS device which will allow you to do what you want.
Regards,
Chris
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: Radius NAS Identifier

Thu May 06, 2010 12:10 am

What are you using RADIUS for? Hotspots, for example, let you set Location attributes.
 
krakenant
Member Candidate
Member Candidate
Topic Author
Posts: 136
Joined: Sat Feb 06, 2010 6:32 am

Re: Radius NAS Identifier

Thu May 06, 2010 1:01 am

As I said, Radius doesn't work like that. It's not supported by Mikrotik, not supported by the industry at large. You'll have a hard time finding a NAS device which will allow you to do what you want.
The HP MSM series access controllers allow it, so do Nomadix devices.

We are using them for hotspots. We have thousands of hotspots using many different brands of hardware. We have a radius solution that parses the radius requests to a specific location in our database based on the NAS-ID. This solution existed before we started using MikroTiks and thus it is unlikely that will be changed. We use the NAS-ID because we can set it to something static, and don't have to worry about IP addresses since they are often dynamic and we have other functions that use the static NAS-ID.
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: Radius NAS Identifier

Thu May 06, 2010 2:01 am

I'm in the same boat, migrating away from hundreds of other captive gateways that all support NAS-ID per RADIUS profile. We ended up having to extend our RADIUS configuration to support the Location attribute as anything with NAS-ID simply wasn't workable with RouterOS, unless you can justify limiting yourself to one Hotspot per router.

Edit: it ended up not being all that hard - everything in the databases is coded into a location field, all we ended up doing was parse RouterOS in a different RADIUS group so that the same stored procedures end up getting used, but are passed the Location attribute rather than the NAS-ID. It's some duplication of efforts, but supportable.
 
tombee79
Member Candidate
Member Candidate
Posts: 247
Joined: Sun May 09, 2010 2:28 am

Re: Radius NAS Identifier

Fri Jan 07, 2011 7:12 am

Hi

Fewi can you be more specific in steps how you have accomplished that? to get the by Location rather than by NAS-ID to work for more than 1 hotspot on one router?


My old threads about this issue: http://forum.mikrotik.com/viewtopic.php ... 31#p243931

I have done it in complicated and not effective way, with Ip alies and each hot spot on own subnet mask , connecting/authenticating to own separate subscriber , i had as many types of hotspot as many types of subscribers on User Manager (Radius). ver.4

Thanks
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: Radius NAS Identifier

Fri Jan 07, 2011 5:49 pm

I replied in that thread. My solution doesn't apply to you. I don't use User Manager.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.

Who is online

Users browsing this forum: Google [Bot] and 114 guests