Community discussions

 
skylaer
just joined
Topic Author
Posts: 9
Joined: Sat May 05, 2012 8:25 pm

DHCP accounting and RADIUS packets

Sun May 06, 2012 5:00 pm

Hi all!
We try to use Mikrotik as router and DHCP server.
Switches send DHCP packets to Mtik, Mtik make req to Radius server and receive
dhcp pool name, speed limits...
All work good, but small problem.. No accounting :(
And i don't know IP address of user (from pool), traffic.
And don't know when user stops use address

Maybe it's possible:

1. Send Accounting-Start packet with IP address, when lease and queue created and up?
2. Send Accounting-Stop packet with traffic from queue (if created), when lease dropped?

Many people try to use Opt82 instead PPPxx, it's may be a good solution.
 
pospanko
Member Candidate
Member Candidate
Posts: 272
Joined: Sun Dec 18, 2005 4:23 pm

Re: DHCP accounting and RADIUS packets

Mon May 07, 2012 12:13 pm

Hi all!
We try to use Mikrotik as router and DHCP server.
Switches send DHCP packets to Mtik, Mtik make req to Radius server and receive
dhcp pool name, speed limits...
All work good, but small problem.. No accounting :(
And i don't know IP address of user (from pool), traffic.
And don't know when user stops use address

Maybe it's possible:

1. Send Accounting-Start packet with IP address, when lease and queue created and up?
2. Send Accounting-Stop packet with traffic from queue (if created), when lease dropped?

Many people try to use Opt82 instead PPPxx, it's may be a good solution.
+1
Internet, Mikrotik & Network solutions
http://www.pro-ping.hr
 
wildbill442
Forum Guru
Forum Guru
Posts: 1050
Joined: Wed Dec 08, 2004 7:29 am
Location: Sacramento, CA

Re: DHCP accounting and RADIUS packets

Mon May 07, 2012 9:03 pm

+1 and Option 82 support.
William Burnett
Network Engineer
 
skylaer
just joined
Topic Author
Posts: 9
Joined: Sat May 05, 2012 8:25 pm

Re: DHCP accounting and RADIUS packets

Tue May 08, 2012 12:23 am

It's really simple to develop - 1 packets send when created and 1 then dropped.
But better way - start, stop and keepalive together :)
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8319
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: DHCP accounting and RADIUS packets

Thu May 10, 2012 3:50 pm

and Option 82 support.
it's supported for many years already
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
skylaer
just joined
Topic Author
Posts: 9
Joined: Sat May 05, 2012 8:25 pm

Re: DHCP accounting and RADIUS packets

Thu May 10, 2012 9:57 pm

He talks about native support for DHCP OPT82 without radius.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8319
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: DHCP accounting and RADIUS packets

Tue May 15, 2012 3:27 pm

He talks about native support for DHCP OPT82 without radius.
but this topic IS about RADIUS ;) I think he should open a new topic (or better a support ticket?) about option82-based (not MAC-based, like now) leases
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
skylaer
just joined
Topic Author
Posts: 9
Joined: Sat May 05, 2012 8:25 pm

Re: DHCP accounting and RADIUS packets

Wed May 16, 2012 5:05 pm

Yes, you right.

After investigation we found a packet from Mikrotik "Accounting = On".
Router send this packet sometimes, but packet not contains any interesting :)
 
pospanko
Member Candidate
Member Candidate
Posts: 272
Joined: Sun Dec 18, 2005 4:23 pm

Re: DHCP accounting and RADIUS packets

Wed Jun 06, 2012 1:48 pm

Normis, is there a chance to add radius accounting message in DHCP? thx
Internet, Mikrotik & Network solutions
http://www.pro-ping.hr
 
lambert
Long time Member
Long time Member
Posts: 533
Joined: Fri Jul 23, 2010 1:09 am

Re: DHCP accounting and RADIUS packets

Fri Jun 22, 2012 11:38 pm

I just setup DHCP with RADIUS auth yesterday and thought I had done something wrong when I didn't see accounting start packets. I was expecting a start packet on initial assignment and a stop packet when the lease expires. Perhaps an accounting update packet when the lease is renewed.

Also, I thought I would see an auth request every time the lease was renewed, but I haven't seen any auth requests after the initial request unless I delete the dynamic lease on the mikrotik before the lease is renewed.

We need the accounting packets in an ISP setting to tell us who was using a particular IP 3 months ago without trawling through syslog server archives.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8319
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: DHCP accounting and RADIUS packets

Sat Jun 23, 2012 2:45 pm

Also, I thought I would see an auth request every time the lease was renewed, but I haven't seen any auth requests after the initial request unless I delete the dynamic lease on the mikrotik before the lease is renewed.
it's how it works: if you don't set lease timeout in RADIUS Access-Accept, then the value from DHCP server settings is used, and no RADIUS Request is made for lease renewals; if you return timeout from RADIUS, then any renews of that lease will require RADIUS authorization - that's what you're looking for
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
lambert
Long time Member
Long time Member
Posts: 533
Joined: Fri Jul 23, 2010 1:09 am

Re: DHCP accounting and RADIUS packets

Mon Jun 25, 2012 5:08 am

Also, I thought I would see an auth request every time the lease was renewed, but I haven't seen any auth requests after the initial request unless I delete the dynamic lease on the mikrotik before the lease is renewed.
it's how it works: if you don't set lease timeout in RADIUS Access-Accept, then the value from DHCP server settings is used, and no RADIUS Request is made for lease renewals; if you return timeout from RADIUS, then any renews of that lease will require RADIUS authorization - that's what you're looking for
Thank you, that is very helpful to know.
 
User avatar
dilnix
just joined
Posts: 5
Joined: Fri Jun 14, 2013 11:33 am
Location: Ukraine
Contact:

Re: DHCP accounting and RADIUS packets

Fri Jun 14, 2013 2:38 pm

it's how it works: if you don't set lease timeout in RADIUS Access-Accept, then the value from DHCP server settings is used, and no RADIUS Request is made for lease renewals; if you return timeout from RADIUS, then any renews of that lease will require RADIUS authorization - that's what you're looking for
dear Chupaka, can you give me some example of how to configure RB DHCP Server to resend option82 data of DHCP request (received from some port L2 commutator) to freeRadius server connected directly to RB????
I'm trying to implement MAC-independent PORT-binded connection to every customer.
I mean, for example, any device with any MAC connected to port 1 of commutator will take from DHCP Server (RB) only one IP-address (192.168.0.1 for example), and no another. If the same device (or any) will connect to another port (for ex. 2) so it will take another IP (192.168.0.2 for ex.).
PLZ
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8319
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: DHCP accounting and RADIUS packets

Fri Jun 14, 2013 6:13 pm

can you give me some example of how to configure RB DHCP Server to resend option82 data of DHCP request (received from some port L2 commutator) to freeRadius server connected directly to RB????
as far as I can see, you just cannot disable it. if Option82 info exists in DHCP request, it will be sent to RADIUS

so just set 'use-radius=yes' on your dhcp server and then create radius for service=dhcp
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
Begetan
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Mon Jul 11, 2011 11:49 am

Re: DHCP accounting and RADIUS packets

Fri Jun 14, 2013 8:38 pm

Turn on system->logging->topic dhcp and you will see in og file all information from DHCP request sending to radius. Mikrotik sends probably all information from dhcp request packets, but the correct way to dump and check.
 
skylaer
just joined
Topic Author
Posts: 9
Joined: Sat May 05, 2012 8:25 pm

Re: DHCP accounting and RADIUS packets

Sat Jun 15, 2013 3:43 pm

We know (c)

But the best way is DHCP-Radius packets for start, renew and expire lease.
It;s easy for development and i don't know, why Mikrotik can't do it.
 
User avatar
dilnix
just joined
Posts: 5
Joined: Fri Jun 14, 2013 11:33 am
Location: Ukraine
Contact:

Re: DHCP accounting and RADIUS packets

Mon Jun 17, 2013 1:11 pm

as far as I can see, you just cannot disable it. if Option82 info exists in DHCP request, it will be sent to RADIUS
so just set 'use-radius=yes' on your dhcp server and then create radius for service=dhcp
Thanks, but what about freeRadius configuration? Do you have/know any examples?? or may be you know who can help me?
But the best way is DHCP-Radius packets for start, renew and expire lease.
It;s easy for development and i don't know, why Mikrotik can't do it.
Yes, why Mikrotik can't do it still???
 
lambert
Long time Member
Long time Member
Posts: 533
Joined: Fri Jul 23, 2010 1:09 am

Re: DHCP accounting and RADIUS packets

Mon Jun 17, 2013 10:24 pm

Has anyone come up with a way to get the radius accounting information without making users change how their equipment is setup by using mac-auth in the hotspot functionality?

It looks to me like it should be possible to enable hotspot on the customer facing interface and deal with their already DHCP assigned IP address without any login popups. I just don't have any experience with hotspot at all and haven't had time to experiment yet.
 
User avatar
alexcherry
just joined
Posts: 20
Joined: Tue Jan 11, 2011 5:01 pm

Re: DHCP accounting and RADIUS packets

Mon Aug 18, 2014 8:46 pm

Any news about support of accounting for Radius DHCP ? We are using API for gathering information about DHCP radius sessions, but with Radius accounting it should be simpler and standartized.
 
santa
newbie
Posts: 43
Joined: Sun Jul 06, 2014 10:53 pm
Location: POLAND, Gdansk

Re: DHCP accounting and RADIUS packets

Tue Oct 14, 2014 4:29 pm

Yes, I believe there are many people interested in this topic. Any response would be pleased. "We plan to implement" or "We don't plan to implement" would be sufficient :).
 
janmohammadi
just joined
Posts: 5
Joined: Thu Oct 30, 2014 2:06 pm

Re: DHCP accounting and RADIUS packets

Sat Apr 15, 2017 5:41 pm

Yes, I believe there are many people interested in this topic. Any response would be pleased. "We plan to implement" or "We don't plan to implement" would be sufficient :).
+1
Is Mikrotik have any plan to support Accounting requests for DHCP?
Is it possible at all?
 
pospanko
Member Candidate
Member Candidate
Posts: 272
Joined: Sun Dec 18, 2005 4:23 pm

Re: DHCP accounting and RADIUS packets

Tue Aug 29, 2017 4:40 pm

:D +1
Internet, Mikrotik & Network solutions
http://www.pro-ping.hr
 
User avatar
machack
newbie
Posts: 47
Joined: Fri Jun 01, 2007 9:35 pm
Location: San Luis Argentina
Contact:

Re: DHCP accounting and RADIUS packets

Tue Oct 31, 2017 6:05 pm

:) +1
Cesar Javier Robles
www.WindNet.com.ar
MTCNA - MTCTCE - MTCRE - MTCWE
 
rico29
just joined
Posts: 18
Joined: Fri Sep 25, 2009 10:49 am

Re: DHCP accounting and RADIUS packets

Wed Oct 24, 2018 4:23 pm

This post is from 2012, and still have no response for mikrotik team.
Sad...
 
User avatar
tishri
newbie
Posts: 37
Joined: Sat Oct 03, 2009 4:13 pm
Location: Philippines
Contact:

Re: DHCP accounting and RADIUS packets

Sun Feb 17, 2019 1:42 am

What happened to mikrotik? They are selling products without any improvements on features. They are stucked or very slow. Until now they dont have working DHCP accounting. We cannot track the bandwith usage per user based on DHCP leases. It doesn't send to radius server. Useless!

We are now migrating to cisco.
 
User avatar
rdelacruz
newbie
Posts: 34
Joined: Thu Jul 14, 2016 8:12 pm

Re: DHCP accounting and RADIUS packets

Wed Mar 06, 2019 3:07 pm

What's the best way to get the accounting data ( Acct-Input-Octets and Acct-Output-Octets) when using DHCP auth without relying on Mikrotik?
 
User avatar
rdelacruz
newbie
Posts: 34
Joined: Thu Jul 14, 2016 8:12 pm

Re: DHCP accounting and RADIUS packets

Thu Mar 07, 2019 5:16 pm

Image

It would be best if Mikrotik can send these accounting data to the RADIUS every time the device disconnected or through interim updates.
 
saskuu
just joined
Posts: 2
Joined: Sat Mar 16, 2019 8:37 am

Re: DHCP accounting and RADIUS packets

Sat Mar 16, 2019 8:42 am

through interim updates
+1
 
saskuu
just joined
Posts: 2
Joined: Sat Mar 16, 2019 8:37 am

Re: DHCP accounting and RADIUS packets

Wed Apr 17, 2019 9:35 pm

It would be best if Mikrotik can send these accounting data to the RADIUS every time the device disconnected or through interim updates.
+1
 
User avatar
Kamaz
newbie
Posts: 28
Joined: Sun Apr 30, 2017 9:35 am

Re: DHCP accounting and RADIUS packets

Mon Apr 22, 2019 2:14 pm

Yes, I believe there are many people interested in this topic. Any response would be pleased. "We plan to implement" or "We don't plan to implement" would be sufficient :).
+1
 
User avatar
rdelacruz
newbie
Posts: 34
Joined: Thu Jul 14, 2016 8:12 pm

Re: DHCP accounting and RADIUS packets

Wed May 08, 2019 3:38 pm

Yes, I believe there are many people interested in this topic. Any response would be pleased. "We plan to implement" or "We don't plan to implement" would be sufficient :).
+1
 
goabroad
just joined
Posts: 3
Joined: Sun Nov 29, 2015 9:40 pm

Re: DHCP accounting and RADIUS packets

Thu May 09, 2019 10:55 pm

Yes, I believe there are many people interested in this topic. Any response would be pleased. "We plan to implement" or "We don't plan to implement" would be sufficient :).
+1
 
User avatar
rdelacruz
newbie
Posts: 34
Joined: Thu Jul 14, 2016 8:12 pm

Re: DHCP accounting and RADIUS packets

Fri May 10, 2019 8:35 pm

What's new in 6.45beta42 (2019-May-08 12:44):

MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap) as initiator (CLI only);
----------------------

Changes in this release:

!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) capsman - fixed interface-list usage in access list;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - show neighbors on actual mesh ports;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) w60g - do not show unused "dmg" parameter;
*) w60g - show running frequency under "monitor" command;
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;


I've noticed it and tested, but it's not working yet. Have you successfully tested this one?
 
User avatar
rdelacruz
newbie
Posts: 34
Joined: Thu Jul 14, 2016 8:12 pm

Re: DHCP accounting and RADIUS packets

Wed Jun 19, 2019 1:56 am

rdelacruz - Please note that accounting will work only for those users which has a queue. Data for accounting is taken from queue statistics
Yes, I'm aware of it. Are you referring to this queue?

Image

If yes, can you please confirm that this added feature will work if we use RADIUS for accounting and lease? Thanks
Have you successfully tested this one?
 
User avatar
rdelacruz
newbie
Posts: 34
Joined: Thu Jul 14, 2016 8:12 pm

Re: DHCP accounting and RADIUS packets

Wed Jul 17, 2019 12:53 am

rdelacruz - Please note that accounting will work only for those users which has a queue. Data for accounting is taken from queue statistics
Yes, I'm aware of it. Are you referring to this queue?

Image

If yes, can you please confirm that this added feature will work if we use RADIUS for accounting and lease? Thanks
Have you successfully tested this one?
Has anyone tested this feature? :?
 
pavelkolchanov
just joined
Posts: 3
Joined: Thu Jun 09, 2016 11:01 am

Re: DHCP accounting and RADIUS packets

Thu Aug 08, 2019 3:45 pm

Has anyone tested this feature? :?
I'm trying it on 6.45.3 in combination with radius server from BGBilling. Packets counting working properly, but traffic statistics looks very strange:
08-08/15:35:14  INFO [rdsLstnr-p-7-t-16] InetRadiusProcessor - REQUEST_AFTER_PREPROCESS:
Packet type: Accounting-Request
Identifier: 25
Authenticator: {83 CF 00 41 9C 08 EC 4D E9 BF D9 C3 BE DE FA 1A}
Attributes:
  NAS-Identifier=Core router
  User-Name=00:AD:24:F9:BF:52
  NAS-IP-Address=192.168.16.1
  NAS-Port=-2095054647
  Framed-IP-Address=172.16.58.9
  Acct-Status-Type=3
  Acct-Delay-Time=0
  Acct-Input-Octets=938520311
  Acct-Output-Octets=938520311
  Acct-Session-Id=c9002083
  Acct-Authentic=2
  Acct-Session-Time=259
  Acct-Input-Packets=670430
  Acct-Output-Packets=108219
  Acct-Input-Gigawords=0
  Acct-Output-Gigawords=0
  Event-Timestamp=1565267714
  NAS-Port-Type=15
  Called-Station-Id=client-58
  Calling-Station-Id=1:0:ad:24:f9:bf:52
Снимок экрана_2019-08-08_15-35-41.png
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: Baidu [Spider] and 114 guests