Community discussions

MikroTik App
 
omidh
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Tue Oct 27, 2009 4:00 pm
Location: Iran
Contact:

Radius Framed-Pool Attribute not working

Tue Jun 08, 2010 6:32 am

hi
i have a mikrotik version 4.9.
i'm sending Framed-Pool attribute to assign pppoe clients ip address and the Framed-Pool value is
the name of pool that created in mikrotik but couldnt assing ip to clients.
please help me on this issue.
 
fewi
Forum Guru
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: Radius Framed-Pool Attribute not working

Tue Jun 08, 2010 6:43 am

Turn on RADIUS debugging and see what the logs say.
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 730
Joined: Tue Aug 25, 2009 12:01 am

Re: Radius Framed-Pool Attribute not working

Wed Jun 09, 2010 8:46 am

I use it for VPN connections authenticated via a 2k8 NPS server. Works fine. Didnt really have to do anything special.. Sorry I couldnt help more. 5.0b2 FWIW.
 
omidh
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Tue Oct 27, 2009 4:00 pm
Location: Iran
Contact:

Re: Radius Framed-Pool Attribute not working

Wed Jun 09, 2010 9:54 pm

Hi
thanks for reply
i 've checked the radius log. it seems that Framed-Pool not exist in Access-Request packet but i'm sure that
i sent this attribute cause while i'm testing with RadiusTest, Radius Server send Access-Accept packet and everythings is ok. but when clients pppoe to mikrotik they get error 738 (the server did not assign ip address).
my radius server is steel-belted.
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 730
Joined: Tue Aug 25, 2009 12:01 am

Re: Radius Framed-Pool Attribute not working

Wed Jun 09, 2010 11:34 pm

Framed Pool shouldnt be sent in access request, only access reply. The RADIUS server is telling the client what IP pool to assign an IP from.

IE: It isnt a check attribute, it is a reply attribute.
 
omidh
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Tue Oct 27, 2009 4:00 pm
Location: Iran
Contact:

Re: Radius Framed-Pool Attribute not working

Thu Jun 10, 2010 8:49 am

I know that framed-pool should be send in reply procedure but there is no effect in radius log.
i really dont know where the problem is.
please help me step by step on this
 
SurferTim
Forum Guru
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Radius Framed-Pool Attribute not working

Thu Jun 10, 2010 1:05 pm

I use FreeRADIUS, and it has radtest. I use it to test new return attributes. When you use RadiusTest, do you see the RADIUS server returning the Framed-Pool attribute you expect for that user in the Access-Accept message?
 
omidh
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Tue Oct 27, 2009 4:00 pm
Location: Iran
Contact:

Re: Radius Framed-Pool Attribute not working

Thu Jun 10, 2010 1:24 pm

yes here is the log of RadTest while sending username=test and password=test it returns true pool name
but it is not working on mikrotik.
i have also enabled radius logging on mikrotik but there is no information about what happen to Framed-Pool attribute.


Sending Access-Request of id 177 to 192.168.100.55 port 1812
User-Name = "test"
Password = "test"
rad_recv: Access-Accept packet from host 192.168.100.55 port 1812, id=177, length=83
Class = 0x53425232434cf9dfabdacdd8f5e1cb8011802101800281988002800581aa91aab5a012800e81f9dfabdacdd8f5e1cb8080808588
Framed-Pool = "mypool"
 
SurferTim
Forum Guru
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Radius Framed-Pool Attribute not working

Thu Jun 10, 2010 1:30 pm

That looks ok. Can you post "/ip address" and "/ip pool"? Mask any public ips if you wish,.
 
omidh
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Tue Oct 27, 2009 4:00 pm
Location: Iran
Contact:

Re: Radius Framed-Pool Attribute not working

Thu Jun 10, 2010 2:06 pm

[admin@NOC] /ip pool> print
# NAME RANGES
0 School_int 192.168.10.1-192.168.10.254
1 Internal_VPN 192.168.121.1-192.168.121.6
2 Valid 80.191.1.0-80.191.1.254
3 OlumP 172.30.0.1-172.30.15.254

[admin@NOC] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 172.16.1.2/24 172.16.1.0 172.16.1.255 Ether10-External
1 D 80.191.1.0/32 172.30.0.9 0.0.0.0 <pppoe-wermin>
2 D 80.191.1.0/32 80.191.1.37 0.0.0.0 <pppoe-eccco>
3 D 80.191.1.0/32 80.191.1.19 0.0.0.0 <pppoe-qsrp>
4 D 80.191.1.0/32 80.191.1.7 0.0.0.0 <pppoe-dola665>
5 D 80.191.1.0/32 80.191.1.16 0.0.0.0 <pppoe-alki90>
6 D 80.191.1.0/32 80.191.1.18 0.0.0.0 <pppoe-z67tg>
7 D 80.191.1.0/32 80.191.1.20 0.0.0.0 <pppoe-ahpoor>
8 D 80.191.1.0/32 80.191.1.249 0.0.0.0 <pppoe-paymi>
 
SurferTim
Forum Guru
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Radius Framed-Pool Attribute not working

Thu Jun 10, 2010 2:08 pm

/ip pool> print
# NAME RANGES
0 School_int 192.168.10.1-192.168.10.254
1 Internal_VPN 192.168.121.1-192.168.121.6
2 Valid 80.191.1.0-80.191.1.254
3 OlumP 172.30.0.1-172.30.15.254
Where is ip pool named "mypool"?
 
omidh
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Tue Oct 27, 2009 4:00 pm
Location: Iran
Contact:

Re: Radius Framed-Pool Attribute not working

Thu Jun 10, 2010 2:19 pm

that was just for test i removed it.
i send pool named Valid in reality.

i'm not that newbie man :D
 
SurferTim
Forum Guru
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Radius Framed-Pool Attribute not working

Thu Jun 10, 2010 2:28 pm

that was just for test
i removed it.
i'm not that newbie man :D
I meant no offense. It is difficult to tell a person's skill level in just a few posts.
Then let's include it! What is the real Framed-Pool value sent from the RADIUS server? That is presuming the data from "ip pool " and "ip address" are valid.

None of the ip pool ranges shown are assigned to any interface. Something I should know about that?

What device is issuing the 80.191.xx.xx ips?

ADD: Then it is your router's dhcp server issuing the 80.191.xx.xx ips on the pppoe interface?
 
omidh
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Tue Oct 27, 2009 4:00 pm
Location: Iran
Contact:

Re: Radius Framed-Pool Attribute not working

Thu Jun 10, 2010 3:05 pm

you know here is my network topology.
top.JPG
1)the pool name that i want to send via radius is named "Valid". (80.191.1.x)
2)according to mikrotik documents, we can assign any ip for local address in default profile or any other profile (pppoe clients peer interface).
3)valid range 80.191.1.x is routed over invalid ip (172.16.1.33 --> 172.16.1.2) to mikrotik so no need to assign any ip of this range to any mikrotik ethernet interface.
4)currently i use "Framed-IP-Address" instead of "Framed-Pool" and everything works ok.

i assign ip address that retrived from SQl DB to pppoe clients and there is no problem, but now i want mikrotik to handdle ip addresses so need to send Framed-Pool instead of "Framed-IP-Address".
thats all.
You do not have the required permissions to view the files attached to this post.
 
SurferTim
Forum Guru
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Radius Framed-Pool Attribute not working

Thu Jun 10, 2010 3:09 pm

I see your point now. Maybe you have a reason to generate a supout.rif file and email it to support (at) mikrotik.com with a short explanation of the challenge.

ADD: I must admit, I have never tried "Framed-IP-Address" and "Framed-Pool" on the same network.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Radius Framed-Pool Attribute not working

Sun Jun 13, 2010 7:35 pm

ADD: I must admit, I have never tried "Framed-IP-Address" and "Framed-Pool" on the same network.
we're using such setup on v3.28 - all clients get address from private pool, some client receive their own public addresses. works fine for a long time =)
 
omidh
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Tue Oct 27, 2009 4:00 pm
Location: Iran
Contact:

Re: Radius Framed-Pool Attribute not working

Sun Jun 13, 2010 9:28 pm

hi Chupaka
thanks for replying.

dont you think anything special on my problem?
what should i do i really need to use "Framed-Pool" attribute. is this attribute should use as VSA (vendor specefic attribute) or just use as standard?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Radius Framed-Pool Attribute not working

Sun Jun 13, 2010 9:40 pm

it's standard one. in my pptp profile, 'Remote Address' is unset, and RADIUS sends Framed-Pool=poolname...

again, v3.28, haven't checked with v4
 
omidh
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 54
Joined: Tue Oct 27, 2009 4:00 pm
Location: Iran
Contact:

Re: Radius Framed-Pool Attribute not working

Sun Jun 13, 2010 9:51 pm

i dont have remote address in default profile either.
i just use mikrotik as pppoe BRAS and want to hanndle more than 1k clients.
do u suggest me to downgrade to version 3.28? is it ok and optimized for pppoe?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Radius Framed-Pool Attribute not working

Sun Jun 13, 2010 10:03 pm

you may downgrade to 3.28 and check whether it will work with your current RADIUS settings. if v3 works and v4 doesn't - then write to support@mikrotik.com =)
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 730
Joined: Tue Aug 25, 2009 12:01 am

Re: Radius Framed-Pool Attribute not working

Mon Jun 14, 2010 5:49 am

It worked for me on 3.3, 4.4, 4.5, 4.6, 5.0b1/2.

Who is online

Users browsing this forum: Kindis and 104 guests