Community discussions

MikroTik App
 
Syonyk
Member Candidate
Member Candidate
Topic Author
Posts: 109
Joined: Mon Feb 14, 2005 6:32 pm
Location: Coralville, IA
Contact:

RADIUS, PPPoE, profiles, and address pools: How to do this?

Tue Apr 18, 2006 8:56 pm

I'm not sure if my approach is the proper way of doing this, so I'm going to describe what I'm trying to do, what my current plan is, and we can go from there.

I'm moving our ISP network over to entirely PPPoE/RADIUS for address assignment. This ties in with our management system (http://www.ispbrain.com), as well as makes my life a lot easier (I don't need to handle static IP addresses anymore, and I can add addresses to a router easily).

I would like to be able to hand out three totally different classes of address: Public IPs (for business clients), private IPs (for residential clients who don't need a public IP), and private IPs (for radios, separate from the residential range). All the devices will be getting their IP via PPPoE, authenticated against a RADIUS server.

The ideal solution would be to have three different profiles in a router, each with their own address pool assigned. The client would authenticate against the RADIUS server, receive the profile, and get assigned an IP out of the pool.

I'm not sure that this is supported, unfortunately. I haven't found a RADIUS attribute that appears to be "PPP Profile to use."

The other option I was thinking of is assigning each user/device a static IP in the RADIUS database, returned as Framed-IP-Address (I believe). This would require some work on the management system, but should work as well. Regardless of the way I hand out IPs, I'll be sending the Rate-Limit reply to set the bandwidth queues.

Any thoughts? Am I somehow missing the RADIUS attribute that selects the PPP profile? Or should I just hand out Framed-IP-Address with the RADIUS replies?

-=Russ=-
 
cmit
Forum Guru
Forum Guru
Posts: 1552
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Tue Apr 18, 2006 9:28 pm

The parameter you are looking for is "Framed-Pool". This one allows you to send the name of the ip pool to use to your RouterOS machine in an Access-Accept message.

Best regards,
Christian Meis
 
Syonyk
Member Candidate
Member Candidate
Topic Author
Posts: 109
Joined: Mon Feb 14, 2005 6:32 pm
Location: Coralville, IA
Contact:

Wed Apr 19, 2006 6:55 pm

The parameter you are looking for is "Framed-Pool". This one allows you to send the name of the ip pool to use to your RouterOS machine in an Access-Accept message.

Best regards,
Christian Meis
Beautiful. That works perfectly. Thanks!

-=Russ=-
 
cmit
Forum Guru
Forum Guru
Posts: 1552
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Wed Apr 19, 2006 9:50 pm

You're welcome ;)

Best regards,
Christian Meis
 
wildbill442
Forum Guru
Forum Guru
Posts: 1050
Joined: Wed Dec 08, 2004 7:29 am
Location: Sacramento, CA

Thu Apr 20, 2006 4:07 am

Syonyk,

What RADIUS sever are you using? I'm wondering because I'm going to be implementing a very similar setup.
 
Syonyk
Member Candidate
Member Candidate
Topic Author
Posts: 109
Joined: Mon Feb 14, 2005 6:32 pm
Location: Coralville, IA
Contact:

Thu Apr 20, 2006 8:26 am

Sacramento! I used to live there!

The short answer is FreeRADIUS on Linux. Be aware that you'll want to download the Mikrotik 'dictionary' file to replace the stock FreeRADIUS one - without this, some of the RADIUS attributes won't get passed around because FreeRADIUS won't know what they are.

The long answer is ISPBrain. It's a ground-up product that interfaces with Mikrotik routers and does billing, user authentication, wireless mesh management, device latency tracking, managed switch magic, and a lot of other fancy things.

If you've got questions, feel free to get in touch with me. AIM works, and I'm also usually on Efnet & irc.arstechnica.com as Syonyk.

-=Russ=-

Who is online

Users browsing this forum: Google [Bot], keogk and 92 guests