 
gorbushka
just joined
Topic Author
Posts: 2
Joined: Thu Apr 29, 2021 2:29 pm

Mikrotik + EAP accounting

Thu Apr 29, 2021 2:59 pm

Hello
ROS 6.48.1
Recently I've installed CAPsMAN. There are SSID1 (WPA2 EAP) + SSID2 (open hotspot with MAC-addr auth). We used freeradius as the AAA server.
Everything seems to work fine, but there is no User-Name or Framed-IP-Address in the start-accounting packet from SSID1. Why can this happen?
14:19:51 radius,debug,packet sending Accounting-Request with id 54 to 10.254.6.220:1873 
14:19:51 radius,debug,packet     Signature = 0xd082dd982dd60539a62cb57b490d9a65 
14:19:51 radius,debug,packet     Service-Type = 2 
14:19:51 radius,debug,packet     NAS-Port-Id = "cap16" 
14:19:51 radius,debug,packet     NAS-Port-Type = 19 
14:19:51 radius,debug,packet     User-Name = "" 
14:19:51 radius,debug,packet     Class = 0x739006f100000137000102000afe06ea 
14:19:51 radius,debug,packet       00000000000000000000000001d6d95e 
14:19:51 radius,debug,packet       481289d60000000000066a86 
14:19:51 radius,debug,packet     Acct-Session-Id = "82100014" 
14:19:51 radius,debug,packet     Calling-Station-Id = "E0-CC-F8-DB-CC-30" 
14:19:51 radius,debug,packet     Called-Station-Id = "E6-8D-8C-19-68-04:SSID1" 
14:19:51 radius,debug,packet     Acct-Authentic = 1 
14:19:51 radius,debug,packet     Acct-Status-Type = 1 
14:19:51 radius,debug,packet     NAS-Identifier = "Wi-Fi-2/main" 
14:19:51 radius,debug,packet     Acct-Delay-Time = 0 
14:19:51 radius,debug,packet     NAS-IP-Address = 10.254.253.100 

But at the same time, in the open hotspot SSID2, there are a User-Name and a Framed-IP-Address in accounting:
14:52:13 radius,debug,packet sending Accounting-Request with id 66 to 10.254.6.220:1873 
14:52:13 radius,debug,packet     Signature = 0x89e0896f6c57dc034ea98eba70148aad 
14:52:13 radius,debug,packet     Acct-Status-Type = 1 
14:52:13 radius,debug,packet     NAS-Port-Type = 19 
14:52:13 radius,debug,packet     Calling-Station-Id = "E0:CC:F8:DB:CC:30" 
14:52:13 radius,debug,packet     Called-Station-Id = "wfm" 
14:52:13 radius,debug,packet     NAS-Port-Id = "Wi-Fi_bridge" 
14:52:13 radius,debug,packet     User-Name = "E0:CC:F8:DB:CC:30" 
14:52:13 radius,debug,packet     NAS-Port = 2150629497 
14:52:13 radius,debug,packet     Acct-Session-Id = "80300079" 
14:52:13 radius,debug,packet     Framed-IP-Address = 192.168.91.179 
14:52:13 radius,debug,packet     MT-Host-IP = 192.168.91.179 
14:52:13 radius,debug,packet     Event-Timestamp = 1619697133 
14:52:13 radius,debug,packet     NAS-Identifier = "Wi-Fi-2/main" 
14:52:13 radius,debug,packet     Acct-Delay-Time = 0 
14:52:13 radius,debug,packet     NAS-IP-Address = 10.254.253.100 
eap-radius-accounting=yes is also present in the capsman config:
/caps-man channel
add band=2ghz-g/n comment="11 channel" control-channel-width=20mhz extension-channel=disabled frequency=2462 name=2Ghz-20-g.n-11 tx-power=16
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=XX name=5Ghz
/caps-man datapath
add bridge=bridge-Wi-Fi-operators-radius name=datapath-SSID1
add bridge=Wi-Fi_bridge name=datapath-SSID2
/caps-man security
add authentication-types=wpa2-eap eap-methods=passthrough eap-radius-accounting=yes encryption=aes-ccm group-encryption=aes-ccm name=sec-SSID1 tls-certificate=none
add authentication-types="" encryption="" group-encryption=tkip name=sec-SSID2
/caps-man configuration
add channel=2Ghz-20-g.n-X  datapath=datapath-SSID1 mode=ap name=radius rx-chains=0,1,2 security=sec-SSID1 ssid=SSID1 tx-chains=0,1,2
add channel=2Ghz-20-g.n-X  datapath=datapath-SSID2 mode=ap name=Guest rx-chains=0,1,2 security=sec-SSID2 ssid=SSID2 tx-chains=0,1,2

/caps-man aaa
set interim-update=5m
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled identity-regexp="Wi\\-Fi\\-2\\/main" master-configuration=cfg-main-2/main slave-configurations=Guest,radius
Radius config
/radius
add accounting-port=1873 address=10.254.6.220 authentication-port=1872 secret=secret service=hotspot,wireless src-address=10.254.253.100 timeout=3s
 
onnyloh
just joined
Posts: 2
Joined: Wed Feb 28, 2018 9:12 am

Re: Mikrotik + EAP accounting

Sun Oct 03, 2021 3:35 pm

Have you resolved it? I'm facing similar issues.
 
vogtdominik
just joined
Posts: 16
Joined: Fri Mar 22, 2019 2:39 pm

Re: Mikrotik + EAP accounting

Tue Mar 29, 2022 4:50 pm

I know this thread is stale, but since there had been a second request, I wanted to give my understanding.
Those are 2 different Accounting messages. The first is based on the EAP accounting and the second is based on the Hotspot accounting. That's why you are seeing different information, especially when you have a look at the Called-Station-Id.

I believe the first Called-Station-Id can be set via
/caps-man aaa set called-format=mac:ssid


and the second Called-Station-Id is set via
/ip hotspot add name=wfa ... 
Best wishes Dominik
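
A log check for the symptom discussed in this thread, as an added example that is not part of any post: it parses RouterOS radius,debug,packet lines and reports Accounting-Start packets whose User-Name or Framed-IP-Address is absent or empty, which is what makes a session impossible to attribute to an identity. The sample log is constructed by abridging the two dumps quoted in the first post; the function names and the REQUIRED list are assumptions of this example.

```python
import re
# Constructed sample: lines abridged from the two debug dumps quoted in this thread.
SAMPLE_LOG = """\
14:19:51 radius,debug,packet sending Accounting-Request with id 54 to 10.254.6.220:1873
14:19:51 radius,debug,packet     User-Name = ""
14:19:51 radius,debug,packet     Class = 0x739006f100000137000102000afe06ea
14:19:51 radius,debug,packet       00000000000000000000000001d6d95e
14:19:51 radius,debug,packet     Acct-Session-Id = "82100014"
14:19:51 radius,debug,packet     Called-Station-Id = "E6-8D-8C-19-68-04:SSID1"
14:19:51 radius,debug,packet     Acct-Status-Type = 1
14:52:13 radius,debug,packet sending Accounting-Request with id 66 to 10.254.6.220:1873
14:52:13 radius,debug,packet     Acct-Status-Type = 1
14:52:13 radius,debug,packet     Called-Station-Id = "wfm"
14:52:13 radius,debug,packet     User-Name = "E0:CC:F8:DB:CC:30"
14:52:13 radius,debug,packet     Acct-Session-Id = "80300079"
14:52:13 radius,debug,packet     Framed-IP-Address = 192.168.91.179
"""

HEADER = re.compile(r"^\S+ radius,debug,packet sending (\S+) with id (\d+) to (\S+)")
ATTR = re.compile(r"^\S+ radius,debug,packet\s+([A-Za-z][\w-]*) = (.*?)\s*$")
CONT = re.compile(r"^\S+ radius,debug,packet\s+([0-9a-fA-F]+)\s*$")
REQUIRED = ("User-Name", "Framed-IP-Address")  # assumption: needed to attribute a session

def parse_packets(text):
    """Group RouterOS radius debug lines into one dict per packet."""
    packets, last = [], None
    for line in text.splitlines():
        if m := HEADER.match(line):
            packets.append({"code": m[1], "id": int(m[2]), "attrs": {}})
            last = None
        elif packets and (m := ATTR.match(line)):
            last = m[1]
            packets[-1]["attrs"][last] = m[2].strip('"')
        elif last and (m := CONT.match(line)):
            packets[-1]["attrs"][last] += m[1]  # wrapped hex value (e.g. Class)
    return packets

def unattributable_starts(packets):
    """Map Acct-Session-Id -> required attributes absent or empty in Accounting-Start."""
    report = {}
    for p in packets:
        a = p["attrs"]
        if p["code"] == "Accounting-Request" and a.get("Acct-Status-Type") == "1":
            missing = [k for k in REQUIRED if not a.get(k)]
            if missing:
                report[a.get("Acct-Session-Id", f"id-{p['id']}")] = missing
    return report

if __name__ == "__main__":
    print(unattributable_starts(parse_packets(SAMPLE_LOG)))
```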
 
hil
just joined
Posts: 1
Joined: Sun Aug 21, 2022 3:25 pm

Re: Mikrotik + EAP accounting

Sun Aug 21, 2022 3:31 pm

An old topic, I know. But for me it is still not clear. I would like to see 'EAP-Identity' as shown with 'caps-man registration-table print detail' in Radius accounting. Is that possible?

Kind regards,
Alexander
