 
ggallo
just joined
Topic Author
Posts: 4
Joined: Fri Aug 10, 2018 7:24 pm

PPPoE (and others) RADIUS accounting

Thu May 18, 2023 1:16 am

Hi All!

I'd like to use RADIUS accounting for local login and PPPoE server sessions, and some DHCP server IP assignments on multiple CCR1036s (RouterOS 6.x on all of them) to a FreeRADIUS 3.0 server using a MySQL backend for accounting and an LDAP server for authentication.

I set up everything as per documentation and forums, and I can successfully authenticate with test users defined on the RADIUS server (authentication comes from LDAP), but I have a very limited amount of accounting info in the SQL database (which stores accounting), far less than expected.

I get accounting for PPPoE and login sessions only if the RADIUS server authenticates the user. Locally (by router) authenticated PPPoE or login sessions are never accounted on the RADIUS server. There is not even any RADIUS interaction from the router after local auth.

I get some DHCP assignment accounting (I set some DHCP servers to "use-radius=accounting") which get addresses from the local pool (not from the RADIUS server), but far fewer assignments are accounted than addresses assigned by the router. I can't even figure out how it's decided whether to send a lease to RADIUS accounting or not...

I see no errors on either the router or the RADIUS server side.

Is this the expected behavior, or is this a bug or maybe I missed some configuration?

Thank you for your help!
 
AlainMG
just joined
Posts: 6
Joined: Fri Aug 25, 2023 4:52 pm

Re: PPPoE (and others) RADIUS accounting

Mon Sep 04, 2023 4:13 pm

Hi,
I don't know if my NAS configuration below can help you or not, because I too have the same issue with my PPPoE accounting: the upload/download values accounted in RADIUS exceed the packets sent.
1/ Configuration on MikroTik PPPoE server + RADIUS server:

[admin@pppoe-server] > export
# aug/18/2023 10:36:15 by RouterOS 6.49
# software id = MBRE-5SPN
#
# model = CCR1016-12S-1S+
# serial number = D5470DC823FC
/interface vlan
add interface=sfp2 name=vlan50 vlan-id=50
/interface list
add name=WAN
add name=LAN
/ip pool
add name=pool1 ranges=10.20.30.2-10.20.30.5
/ppp profile
set *0 local-address=10.20.30.1
/tool user-manager profile
add name=Silver-1M name-for-users=user1 override-shared-users=off owner=admin price=0 starts-at=logon validity=0s
/tool user-manager profile limitation
add address-list="" download-limit=0B group-name="" ip-pool=pool1 ip-pool6="" name=1M owner=admin rate-limit-min-rx=1024B rate-limit-min-tx=1024B rate-limit-rx=\
2097152B rate-limit-tx=2097152B transfer-limit=0B upload-limit=0B uptime-limit=0s
add address-list="" download-limit=0B group-name="" ip-pool=pool1 ip-pool6="" name=limit1 owner=admin rate-limit-min-rx=1024B rate-limit-min-tx=1024B rate-limit-rx=\
1024B rate-limit-tx=1024B transfer-limit=0B upload-limit=0B uptime-limit=0s
add address-list="" download-limit=0B group-name="" ip-pool=pool1 ip-pool6="" name="Full access" owner=admin transfer-limit=0B upload-limit=0B uptime-limit=0s
add address-list="" download-limit=0B group-name=Gp-silver ip-pool=pool1 ip-pool6="" name=Burst-test owner=admin rate-limit-min-rx=131072B rate-limit-min-tx=524288B \
rate-limit-priority=1 rate-limit-rx=131072B rate-limit-tx=524288B transfer-limit=0B upload-limit=0B uptime-limit=0s
/ip neighbor discovery-settings
set discover-interface-list=none
/interface list member
add interface=sfpplus1 list=WAN
add list=LAN
/interface pppoe-server server
add disabled=no interface=vlan50
/ip address
add address=192.168.1.184/24 interface=sfp1 network=192.168.1.0
add address=10.10.10.2/30 interface=sfp3 network=10.10.10.0
/ip route
add distance=1 dst-address=80.80.80.0/24 gateway=10.20.30.5
/ppp aaa
set use-radius=yes
/radius
add address=40.40.40.2 secret=radius23 service=ppp
/radius incoming
set accept=yes
/system identity
set name=pppoe-server
/tool user-manager database
set db-path=user-manager
/tool user-manager profile profile-limitation
add from-time=0s limitation=Burst-test profile=Silver-1M till-time=23h59m59s weekdays=sunday,monday,tuesday,wednesday,thursday,friday,saturday
/tool user-manager router
add coa-port=3799 customer=admin disabled=no ip-address=40.40.40.2 log=auth-fail name=Router-1 shared-secret=radius23 use-coa=yes
/tool user-manager user
add customer=admin disabled=no ipv6-dns=:: password=user1 shared-users=1 username=user1 wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
/user aaa
set use-radius=yes


2/ Configuration for MikroTik PPPoE client:

[admin@MikroTik] > export
# aug/09/2023 12:51:25 by RouterOS 7.8
# software id = QTC7-NYSP
#
# model = CRS310-1G-5S-4S+
# serial number = HCQ0833MBR5
/interface ethernet
set [ find default-name=sfp2 ] mtu=1580
/interface vlan
add interface=sfp2 mtu=1580 name=vlan50 vlan-id=50
/interface pppoe-client
add add-default-route=yes interface=vlan50 name=pppoe-out1 user=user1
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool2 ranges=80.80.80.2-80.80.80.254
/ip dhcp-server
add address-pool=dhcp_pool2 interface=sfp3 lease-time=30s name=dhcp2
/ip address
add address=80.80.80.1/24 interface=sfp3 network=80.80.80.0
add address=192.168.1.185/24 interface=sfp5 network=192.168.1.0
/ip dhcp-server network
add address=80.80.80.0/32 dns-server=0.0.0.0 gateway=80.80.80.1 netmask=24
add address=80.80.80.0/24 gateway=80.80.80.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=sfp3
/ppp aaa
set accounting=no
/radius
add address=40.40.40.2 service=ppp

Best regards,
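
Added example, not part of the original posts and not MikroTik code: a Python check that reads a RouterOS export like the server export above and reports subsystems that have use-radius enabled while no /radius entry lists the matching service. The sample text, the CONSUMERS mapping and the function names are constructed for this example.

```python
import re

# Constructed sample: the RADIUS-related lines of the PPPoE server export above.
SAMPLE_EXPORT = """\
/ppp aaa
set use-radius=yes
/radius
add address=40.40.40.2 secret=radius23 service=ppp
/radius incoming
set accept=yes
/user aaa
set use-radius=yes
"""

# Assumed mapping for this example: menu path -> RADIUS service it relies on.
CONSUMERS = {"/ppp aaa": "ppp", "/user aaa": "login", "/ip dhcp-server": "dhcp"}

def parse_export(text):
    """Return [(menu_path, {key: value})] for each add/set line of an export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join backslash-continued lines
    entries, menu = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and the export header comments
        if line.startswith("/"):
            menu = line  # a menu path opens a new section
        elif menu and line.split(" ", 1)[0] in ("add", "set"):
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S*)', line)
            entries.append((menu, {k: v.strip('"') for k, v in pairs}))
    return entries

def radius_gaps(text):
    """List services with use-radius enabled that no enabled /radius entry serves."""
    entries = parse_export(text)
    served = set()
    for menu, props in entries:
        if menu == "/radius" and props.get("disabled", "no") != "yes":
            served.update(props.get("service", "").split(","))
    gaps = []
    for menu, props in entries:
        service = CONSUMERS.get(menu)
        # use-radius may be yes, or accounting on a DHCP server
        if service and props.get("use-radius", "no") != "no" and service not in served:
            gaps.append(service)
    return gaps

if __name__ == "__main__":
    print(radius_gaps(SAMPLE_EXPORT))
```

On the sample, the check reports `login`: `/user aaa` has use-radius=yes, but the only `/radius` entry is limited to service=ppp.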
 
AlainMG
just joined
Posts: 6
Joined: Fri Aug 25, 2023 4:52 pm

Re: PPPoE (and others) RADIUS accounting

Mon Sep 04, 2023 4:16 pm

I am sending my topology as an attachment.